NewSky Security researchers discovered a misconfiguration in over a thousand Lexmark printers that are accessible over the Internet. These are printers used by universities, businesses and the U.S. government. The misconfiguration is allowing unauthorized individuals to access the printers via the internet without a password.
NewSky Security considers it gross negligence of the users not to configure the administrative password. Because of the lack of security, it is easy to attack the printers even for people with little skill. Unauthorized individuals can remotely access and control the printer, even change its password, put a backdoor and capture print jobs.
Researchers were able to find the misconfigured Lexmark printers using the search engine Shodan. They found 1,475 unique IPs and 1,123 of the printers lack security. Only 24% of the printers redirected to a login page. Any attacker with no impressive hacking skills can easily take control of these poorly configured printers. The Lafayette Consolidated Government owns one of the unsecured printers. Many of the printers belong to universities. NewSky is trying to reach out and alert the organizations regarding this problem.
Printer security is largely neglected by many end users. It’s not the first time that the NewSky researchers discovered printer misconfigurations. Many Brother printers were also misconfigured in October. Other brands of Internet-enabled printers are probably misconfigured as well. If your organization is buying internet-enabled printers, don’t forget to configure them correctly to keep them hidden from the public internet. Change default passwords and replace with strong admin passwords. Close open ports and stop unnecessary services.