Security researcher Deral Heiland gave a talk at the DefCon 19 conference, demonstrating the various ways of compromising internet-ready, consumer-grade MFPs, PC World have reported.
While users are advised to change default passwords as soon as possible, Heiland was eager to highlights the inherent flaws of the devices as opposed to human error, firstly by demonstrating incredibly simplistic methods of bypassing such preventative measures to gain access into administrative control by adding an additional backslash or “page=”.
Heiland also highlighted some basic coding flaws on printer administration webpages which can expose sensitive information such as passwords, some as straightforward as requiring a right-click in the Firefox internet browser, manipulating the increasingly common backup feature to export passwords in plain text and redirecting test pages through the Lightweight Directory Access Protocol (LDAP) to set himself up as a valid user.
Printers successfully attacked include the HP OfficeJet, Canon ImageRunner, Sharp and Ricoh printers.
Printer security has been an issue in recent months, with security firm Zscaler has previously been able to locate over 120,000 print-related devices which could be easily hacked through the internet.