Black Hat: Embedded Web servers open printer, scanner security holes

Zscaler Labs Black Hat presentation to show security threat posed by Internet-connected printers, photocopiers, scanners

It's fairly simple to find corporate or consumer printers and scanners online and, without breaking into them, get a hold of documents that these devices recently processed.

It can be done because "there are embedded Web servers that come in hardware devices," says Michael Sutton, vice president of security research at Zscaler Labs, who will present his research at next week's Black Hat Conference. The embedded Web servers in "photocopiers, printers and scanners are there for the purpose of ease of administration," but the functionality is not hardened, the devices are available directly through the Internet, and often they aren't password-protected, he says.

MORE ON SECURITY: The 5 biggest IT security mistakes

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

It's fairly simple to find corporate or consumer printers and scanners online and, without breaking into them, get a hold of documents that these devices recently processed.

It can be done because "there are embedded Web servers that come in hardware devices," says Michael Sutton, vice president of security research at Zscaler Labs, who will present his research at next week's Black Hat Conference. The embedded Web servers in "photocopiers, printers and scanners are there for the purpose of ease of administration," but the functionality is not hardened, the devices are available directly through the Internet, and often they aren't password-protected, he says.

MORE ON SECURITY: The 5 biggest IT security mistakes

In his research, Sutton says he discovered he can easily find these printers, scanners and photocopiers, including those made by HP, Ricoh and Sharp, out on the Internet, and simply use the available features "to remotely retrieve anything recently photocopied, such as download a PDF copy of it."

He said he's able to find this equipment with its embedded Web servers through scripts he wrote to scan huge blocks of IP addresses to recognize certain tell-tale Web header fingerprints. "There's no breaking-in required," Sutton adds.

He says the reason he's highlighting the risks is because "I want enterprises and consumers to recognize that an embedded Web server is a Web server and you've got to shut off some features," adding, "it's like a public Web server." Features should not be enabled by default, nor used without password protection. But he notes many people probably are unaware these embedded Web servers are even there in these printers, photocopiers and scanners.

Read more about security in Network World's Security section.