- S2 Grupo has warned that vulnerabilities detected in this type of devices can become a gateway for cyber-attackers.
- A misconfiguration could allow cybercriminals to access sensitive information such as e-mails, user credentials, or documents containing sensitive information that have been previously scanned.
Madrid, August 3, 2017. – S2 Grupo, a company specializing in cybersecurity and critical systems management, has warned that the lack of security of printers and multifunction devices can put companies and organizations at risk because they can become an access door to possible cyberattacks.
“This type of equipment is often set aside from the point of view of configuring cybersecurity and this can be a problem if vulnerabilities are detected. Through these devices a cybercriminal could access confidential information such as emails, user credentials or documents containing sensitive information that have been previously scanned”, said José Rosell, associate-director of S2 Grupo.
In this sense, a multifunction device that does not ask for a password to access its web portal, allows anyone on the corporate network to have control of the information it contains and have visibility of all its documents, as it happens with those which have been scanned.
“A person with the right knowledge could even know the location of the device. This would allow him to select his objective more clearly for his benefit, e.g., having access to the printer that has more sensitive information such as the financial team or administration”, stressed Miguel A. Juan, associate-director of S2 Grupo.
The company’s team of experts has pointed out that it is imperative for security managers in each organization to thoroughly analyze all the avenues for unsecured configurations of the capabilities they offer so they can properly protect each environment.
To avoid the cyber-risk associated with printers and multifunction devices, from S2 Grupo we recommend:
- Tener cuidado con los privilegios en la red corporativa.- Es fundamental que los usuarios con acceso al equipo no dispongan de privilegios en la red corporativa porque el uso que realicen de él dependerá de la seguridad que ofrezca el propio dispositivo.
- Beware of privileges in the corporate network .- It is essential that users with access to the computer do not have privileges in the corporate network because the use they make of it will depend on the security offered by the device itself.
- For the case of personnel handling sensitive information, it is important to choose carefully the type of printer they will use and to check that they offer the appropriate protection mechanisms. It is also advisable to place these printers on isolated networks with greater control of access to their activity and control interface.
- It is advisable to implement security controls that allow monitoring the operation of accounts and privileged access to this type of computers.