A new study has found that printers commonly used in enterprise environments are a security risk that can be exploited to leak information and execute code.
The study, Exploiting Printer Security, by Ruhr-Universität Bochum researcher Jens Müller, analyzed 20 printers and multi-function printers and found that every single printer tested had at least one exploitable security vulnerability.
Testing of the printers, which included units from HP, Brother, Lexmark, Dell, Samsung, Konica, OKI and Kyocera, found that the vulnerabilities were primarily due to vendors failing to separate the page description languages used to generate the output, such as PostScript and PJL/PCL, from printer controls. “Potentially harmful commands can be executed by anyone who has the right to print,” Müller noted in the paper.
The attacks described in the study can be launched through USB, remotely over the local network or from the Internet via a malicious website using cross-site printing and cross-origin resource sharing spoofing. Using PostScript and Printer Job Language commands, an attacker can access entire file systems from some printers, including passwords for the embedded web server.
The HP LaserJet 1200, 4200N and 4250N, along with the Dell 3130cn and Samsung Multipress 6345N, were also found to have a vulnerable line printer daemon (LPD) service that cannot handle usernames with 150 or more characters. Sending a long username to the LPD service causes the printer to crash, and with the correct shellcode and return address, the vulnerability could be used for remote code execution.
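Because the control commands travel inside ordinary print data, a print server or spooler is one place to look for them. The following is an added example, not code from the study or from any vendor: it flags PJL file-system commands and PostScript file operators in a job and over-long user names in an LPD control file. The function names, the 32-character limit and the sample jobs are assumptions made for illustration.

```python
import re

# PJL file-system commands; ordinary documents have no reason to carry them.
PJL_FS = re.compile(
    rb"@PJL\s+(FSUPLOAD|FSDOWNLOAD|FSDIRLIST|FSQUERY|FSDELETE|FSMKDIR|FSAPPEND|FSINIT)\b",
    re.IGNORECASE)
# PostScript operators that touch the device file system.
PS_FILE = re.compile(
    rb"(?<![A-Za-z0-9])(deletefile|renamefile|filenameforall)(?![A-Za-z0-9])")
MAX_USER_LEN = 32  # assumed local policy, well below the 150 characters cited above


def inspect_job(data: bytes) -> list[str]:
    """Return findings for printer-control commands embedded in print data."""
    findings = []
    for m in PJL_FS.finditer(data):
        findings.append("pjl-fs:" + m.group(1).decode().upper())
    # Only look for PostScript operators when the PostScript header is present.
    if b"%!" in data:
        for m in PS_FILE.finditer(data):
            findings.append("ps-file:" + m.group(1).decode())
    return findings


def inspect_lpd_control(control: bytes) -> list[str]:
    """Flag over-long user names ('P' lines) in an LPD control file."""
    findings = []
    for line in control.split(b"\n"):
        user_len = len(line.rstrip(b"\r")) - 1
        if line[:1] == b"P" and user_len > MAX_USER_LEN:
            findings.append(f"lpd-long-user:{user_len}")
    return findings


# Constructed samples with placeholder arguments, not captured traffic.
CLEAN_JOB = b'\x1b%-12345X@PJL JOB NAME="report"\n@PJL ENTER LANGUAGE=PCL\n\x1b%-12345X'
SUSPECT_JOB = b'\x1b%-12345X@PJL FSQUERY NAME="<path>"\n\x1b%-12345X'
SUSPECT_PS = b"%!PS-Adobe-3.0\n(<path>) deletefile\nshowpage\n"
GOOD_CTRL = b"Hworkstation1\nPalice\nldfA001workstation1\n"
BAD_CTRL = b"Hworkstation1\nP" + b"u" * 200 + b"\nldfA001workstation1\n"

if __name__ == "__main__":
    for name, job in [("clean", CLEAN_JOB), ("pjl", SUSPECT_JOB), ("ps", SUSPECT_PS)]:
        print(name, inspect_job(job))
    print(inspect_lpd_control(GOOD_CTRL), inspect_lpd_control(BAD_CTRL))
```

A match is a reason to quarantine the job and review its source, not proof of compromise, since some driver and management tools legitimately issue PJL commands.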
Müller said that he had advised the vendors of his findings. But given that some of the vulnerabilities have been known for more than a decade, it appears that printer makers aren’t much concerned and haven’t been taking printer security seriously.