Networked Printers – An Often Overlooked Security Vulnerability
CYBERSPACE – In an article published this week, ComputerWorld.com recounts the cautionary tale of McCormick and Co., and the giant spice company’s recurring problem with worms – not the wiggling, animal variety, but the costly, invasive, digital kind.
When Blaster originally took hold at McCormick, the worm spread rapidly through the company’s network, infecting computers in offices and production facilities alike. What baffled the company’s IT employees, though, was the fact that Blaster kept recurring even after an extensive network-wide anti-viral scrub.
The reason for the recurring problem, it turns out, is that Blaster, along with the Sasser worm, was re-propagating from infected networked printers, according to what company officials told ComputerWorld.com.
“Printers were just one of several types of systems contributing to the nightmare at the time,” said Michael Rossman, who had recently become global director of IT services and information security for McCormick at the time of the Blaster worm’s outbreak in 2003. “Blaster went to all our PCs, our radio frequency units, our handhelds. And, we learned belatedly, it also spread to our printers.”
According to ComputerWorld.com, there has been little evidence of printer-based exploits spreading across company networks, and the issue has accordingly slipped onto the back burner for most IT professionals.
Some security experts are now warning that companies ignore their printer-driven vulnerability at their own peril, noting that many printers are laden with a wide variety of applications and run an assortment of vulnerable services with next to no oversight from corporate IT staffs.
“It’s been my experience that these devices have been completely overlooked from a risk management perspective,” security researcher Brendan O’Connor told ComputerWorld.com. “They’re installed. They work. And nobody pays them any attention until it’s time to install a new paper tray or print cartridge.”
At the Black Hat conference in Las Vegas last summer, O’Connor gave a presentation on how to get around authentication, execute commands at the root level, and create shell code to compromise printers in the Xerox WorkCentre line, which use Linux operating systems.
“There are actually quite a few attack vectors in these printers,” O’Connor told ComputerWorld.com. “I shared a couple in my talk and I released a couple others privately to Xerox.”
Xerox reportedly thanked O’Connor for his research and issued a patch, although O’Connor says some vulnerabilities still exist in the WorkCentre line.
One reason for the generally lax security standards for networked printers is the relative paucity of attacks targeting printers, a fact that Dean Turner, a senior manager for security response at Symantec Corp., attributes to it being easier for hackers to target PCs and laptops.
Turner cautioned that as laptops and PCs are made more secure through more rigorous security standards, hackers will turn their attention to devices that get less attention from IT departments, like printers.
Another problem cited by security professionals is a commonly held misconception that printers are only open to exploit via attacks that originate from a company’s local area network or through a remote login to a virtual private network. Not so, Alan Paller, research director at the SANS Institute, told ComputerWorld.com.
“Five years ago, four HP Jetdirect printer controllers were used in a denial-of-service attack that took down an ISP in New Mexico,” Paller said. “And more recently, shared printers have become back doors that allow attackers to bridge from low-security areas to high-security areas.”
As McCormick and Co. found out, allowing lax security protocols for a networked printer can be a costly error.
“Network printers are large print devices with embedded Windows systems that are interacting with the network just like any other Windows-based system,” McCormick’s IT director Rossman said. “They need to be secured.”