I would say that putting the printers behind a firewall is a very sensible idea if they are going to start burning their paper.
firewalls are not magic
Posted Dec 1, 2011 13:52 UTC (Thu) by dlang (✭ supporter ✭, #313)
if you have a printer directly exposed to the Internet, then you also are allowing anyone on the Internet to print anything they want in your office, using up paper and toner, wearing out the printer. That seems like a rather significant problem in and of itself :-)
firewalling also won't really help the identity theft example given (it may make it a smidge more complicated), because all that you need to do is to have the printer store the document and the second computer can retrieve the info later
Why a problem?
Posted Dec 1, 2011 14:54 UTC (Thu) by NRArnot (subscriber, #3033)
The game changes dramatically if that is NOT the worst they can do, if they can write the device firmware via the port(s) intended to be used for writing the paper. Firmware updates should access the printer through a different port, and the printer should as shipped have that port either firewalled for local subnet access only, or (much better) turned off. SOP would then be "Firmware Update Enable" -> "On" using the front panel, before running the firmware updater, which in turn should re-set the enable state to "Off" upon successfully installing the update. Paranoia should dictate re-setting to "Off" maybe 12 hours later, even if no firmware update was sent.
It's the problem of the missing hardware write-lock switch, for the umpteenth time.
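The gating logic proposed in the comment above, written out in C as an added example; it is not part of the original thread and not any vendor's firmware. The names (`fw_gate`, `CH_PRINT`, `CH_FW_UPDATE`), the `is_firmware` flag (how a device recognises a firmware image is left out) and the monotonic seconds clock are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FW_WINDOW_SECS (12u * 60u * 60u)   /* the "maybe 12 hours" timeout */

enum channel { CH_PRINT, CH_FW_UPDATE };   /* hypothetical: two separate ports */
enum verdict { ACCEPT_PRINT_JOB, ACCEPT_FIRMWARE, REJECT };

struct fw_gate {
    bool     enabled;     /* ships as false ("turned off") */
    uint64_t enabled_at;  /* monotonic seconds when the panel switch was set */
};

void gate_init(struct fw_gate *g) { g->enabled = false; g->enabled_at = 0; }

/* Reachable only from the front panel, never from the network. */
void gate_panel_enable(struct fw_gate *g, uint64_t now) {
    g->enabled = true;
    g->enabled_at = now;
}

/* Fall back to "Off" once the window has passed, update or no update. */
static void gate_expire(struct fw_gate *g, uint64_t now) {
    if (g->enabled && now - g->enabled_at >= FW_WINDOW_SECS)
        g->enabled = false;
}

/* Decide what to do with incoming data on a given port. */
enum verdict gate_route(struct fw_gate *g, enum channel ch,
                        bool is_firmware, uint64_t now) {
    gate_expire(g, now);
    if (ch == CH_PRINT)   /* the print port never writes firmware */
        return is_firmware ? REJECT : ACCEPT_PRINT_JOB;
    if (!is_firmware || !g->enabled)
        return REJECT;
    return ACCEPT_FIRMWARE;
}

/* Called by the updater after a successful install: back to "Off". */
void gate_update_installed(struct fw_gate *g) { g->enabled = false; }

int main(void) {
    struct fw_gate g;
    gate_init(&g);
    printf("as shipped:  %d\n", gate_route(&g, CH_FW_UPDATE, true, 0));
    gate_panel_enable(&g, 10);
    printf("enabled:     %d\n", gate_route(&g, CH_FW_UPDATE, true, 20));
    gate_update_installed(&g);
    printf("after flash: %d\n", gate_route(&g, CH_FW_UPDATE, true, 30));
    return 0;
}
```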
Posted Dec 8, 2011 6:31 UTC (Thu) by jamesh (guest, #1159)
While the printers came with fancy network interface cards with support for almost every network printing protocol you can think of, these were essentially separate devices. The NIC could be used with a number of different models of printer, and the printer would function if you removed the NIC. Without the NIC, the only methods of input were the parallel port and the buttons on the control panel.
If you wanted to upgrade the print engine's firmware (as opposed to the NIC's firmware), it needed to be as a print job. You could submit this job via the parallel port or via the NIC -- it would look the same to the print engine.
I wouldn't be surprised if they could improve things these days where networking is integrated into the printers better, but there is probably a lot of legacy code in the printers.
Printer vulnerabilities via firmware update
Posted Dec 1, 2011 13:58 UTC (Thu) by ekj (guest, #1524)
Posted Dec 1, 2011 14:08 UTC (Thu) by michaeljt (subscriber, #39183)
The article said that the printers were bricked at the end of the operation anyway.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.