According to new research by Check Point, a vulnerability in OfficeJet all-in-one inkjet printers can give hackers control of the printer and let it act as a springboard into an attached network environment. IT security experts commented below.
Jason Garbis, VP at Cyxtera:
“This vulnerability is an excellent example of the porousness of the perimeter, and the need to enforce the principle of least privilege to all network services. When you have a fax machine – which literally can be accessed by nearly every person on the planet – connected to your internal network, it’s imperative to recognize this as part of the attack surface, and as a potential launching point for lateral movement. As this latest security research shows, the digitization of faxes allows attackers to take an analog signal, and pivot that into a digital attack. Security teams need to treat devices such as fax machines as untrusted, and to restrict the network access. Organisations should place these devices onto isolated network segments, and only permit controlled network connections to the device. These devices should not be granted broad network access or be permitted to initiate connections across the network. Since these devices may be used by many people as part of their job, any solution cannot impede business productivity.
“In addition to monitoring incoming faxes for unexpected content, security teams should monitor these multi-function fax machines for any anomalous behavior. In general, they should only be receiving inbound connections and not initiating connections across the corporate network.
“Have a security team ready to respond by turning off the machine! Of course, if an attacker has pivoted from the fax machine to other internal systems, a security team’s usual incident response process and team need to be applied to this. Fax machines should be placed on isolated network segments and be unable to connect to any other internal corporate resource. Work with your security team! Let them know if you have such a device on your network and cooperate with them to come up with an agreeable solution that’ll keep you productive while not putting the organization at risk.”
Bob Noel, Director of Marketing and Strategic Partnerships at Plixer:
“We live in a digital world where all business workflows have a digital footprint, and the constant stream of new vulnerabilities will never slow down. Any IP connected device on a network creates its own threat surface, including printers that double as fax machines, and IoT devices. In most cases they are provisioned onto the network as trusted devices, which means they are allowed to transmit any protocol or application across the network segments for which they have access. With so many threat surfaces, organizations must do two things to reduce their risk. First, they must transition to a model of zero trust. Devices should be provisioned in a least privilege model, where they are only allowed to communicate over the protocols and applications for which they are meant. Second, they must begin deploying network traffic analytics to scrutinize the traffic and look for patterns of malicious activity.”
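The monitoring both comments call for (multi-function fax devices should only receive connections, and should only use the protocols they are meant for) can be expressed as a check over flow records. The following is an added example, not part of the original comments; the segment range, allow-lists, record format and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumptions (hypothetical values): the isolated segment holding the fax/MFP
# devices, the only targets they may initiate to, and the ports they serve.
PRINTER_SEGMENT = ipaddress.ip_network("10.20.30.0/28")
ALLOWED_OUTBOUND = {("10.0.5.25", 25)}      # e.g. a scan-to-email relay
ALLOWED_INBOUND_PORTS = {443, 631, 9100}    # HTTPS admin, IPP, raw print

# Constructed records: time initiator_ip initiator_port responder_ip responder_port proto
SAMPLE_FLOWS = """\
2024-01-10T09:01:02Z 10.0.8.17 51544 10.20.30.5 9100 tcp
2024-01-10T09:03:40Z 10.20.30.5 40112 10.0.5.25 25 tcp
2024-01-10T09:07:11Z 10.20.30.5 40120 10.0.9.44 445 tcp
2024-01-10T09:07:15Z 10.20.30.5 40121 10.0.9.45 445 tcp
2024-01-10T09:09:30Z 10.0.8.90 50233 10.20.30.5 23 tcp
malformed line
"""

def parse_flow(line):
    """Return (ts, src, dst, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[3]), int(parts[4]))
    except ValueError:
        return None

def find_violations(text):
    """Flag flows that break the 'inbound only, expected ports' policy."""
    alerts = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, dport = flow
        if src in PRINTER_SEGMENT:
            # The device opened the connection: only allow-listed targets pass.
            if (str(dst), dport) not in ALLOWED_OUTBOUND:
                alerts.append(("device-initiated", str(src), str(dst), dport))
        elif dst in PRINTER_SEGMENT and dport not in ALLOWED_INBOUND_PORTS:
            alerts.append(("unexpected-inbound-port", str(src), str(dst), dport))
    return alerts

if __name__ == "__main__":
    for alert in find_violations(SAMPLE_FLOWS):
        print(alert)
```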
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.