IoT cyber security risks are generating new threats vulnerabilities. New research exposed the risk with an office printer that has been manufactured by The world’s leading manufacturers. The research observed that networked printers in businesses, be it large and small could potentially be a much greater danger than paper jams and extortionate ink prices. The research inference on “remote vulnerabilities” in all printers tested against “various attack vectors—uncovering a large number of zero-day vulnerabilities.” was appalling. It means that those devices could be the easily accessible entrance for cyber attackers into small businesses, enterprises, and government departments.
Six months of research was conducted by NCC Group researchers, Mario Rivas and Daniel Romero, to identity “vulnerabilities and exploitations relating to devices made by six of the largest enterprise printer makers in the world.” The researchers, during the course of the research, uncovered weaknesses that exposed devices to Denial of Service (DoS) attacks, which are of much more concern when it comes to the potential for those devices to be utilized as entry points into the larger frame of corporate networks, with remote code execution and the bypassing of security layers.
As per Forbes, The findings will be presented at DEF CON on August 10.
The manufacturers targeted by the results, Xerox, HP, Lexmark, Kyocera, Brother, and Ricoh, were alerted and
“were able to provide updates to close up the identified vulnerabilities and secure the affected devices against the exploits uncovered by the researchers.”
In the research’s recent disclosure facilitated by Microsoft that hackers, supposedly sponsored by Russia’s military intelligence, had already attacked multiple locations using IoT devices as their entry point to the cyber arena. One of the entry gates to them was an office printer. This is the same group that has prompted Microsoft to deliver “nearly 1400 nation-state notifications to those who have been targeted or compromised.”
“And that disclosure followed the news that VxWorks, the real-time operating system inside around 2 billion IoT devices, including everything from elevators to medical equipment—and of course printers, also had multiple zero-day vulnerabilities…IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. In most cases, however, the customers’ IT operation center don’t know they exist on the network,”Microsoft
states Microsoft in an official statement.
It is crystal clear as a matter of fact that the upcoming major attack on the world will be facilitated by the cyber networks through IoT soft points that will make the matter ugly since a lot of people are heavily dependent on the cyber networks for performing daily tasks.