Thousands of Lexmark Printers Exposed Online

NewSky Security researchers discovered more than 1,000 Lexmark printers unsecured and exposed to the internet. Using Shodan, a publicly available internet-of-things (IoT) search engine, NJCCIC analysts determined that this exposure impacts some organizations within New Jersey. Several of these printers' administrative panels are remotely accessible over TCP ports 80 and 443 and do not require login credentials to view or modify settings. These printers also have several other ports open, including TCP port 21 (FTP) and TCP port 445 (SMB), creating additional opportunities for unauthorized access to both the device and the organization's network. With this access, a remote actor can: view the location, device status, printer model, firmware version, ink levels, and network configuration; upload custom firmware files; access the remote operator panel; modify various settings; set PINs and passwords; create alerts and alarms; restore printers to factory default settings; and erase the printers' memory and hard disks, among other options. The NJCCIC recommends that organizations using internet-enabled printers isolate them from the public internet, create login credentials if none exist or change the default password on the administrative control panel, close all unnecessary ports and services, whitelist IP addresses/IP subnets or require a VPN to access the local network, and keep all firmware updated.
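As an added example (not part of the NJCCIC advisory), a short Python check that applies the allowlisting recommendation above to firewall accept logs: any accepted connection to a printer on TCP ports 21, 80, 443 or 445 from a source outside the approved subnets or VPN pool is flagged, and internal sources are distinguished from external ones. The printer addresses, subnets and `key=value` log format are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Ports the advisory calls out on exposed Lexmark printers:
# 80/443 (web admin panel), 21 (FTP) and 445 (SMB).
PRINTER_MGMT_PORTS = {21, 80, 443, 445}

# Constructed inventory for this example (not from the advisory).
PRINTERS = {"10.20.5.17", "10.20.5.18"}              # printer addresses
ORG_NETWORKS = ["10.0.0.0/8", "192.168.0.0/16"]        # the organisation's address space
ALLOWED_SOURCES = ["10.20.0.0/16", "172.16.9.0/24"]    # admin LAN and VPN pool

Finding = namedtuple("Finding", "src dst dport reason")

def in_any(ip, networks):
    """True if the IP string falls inside any of the given CIDR networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def is_allowed_source(ip):
    """True if the source may reach printer management ports."""
    return in_any(ip, ALLOWED_SOURCES)

def parse_line(line):
    """Parse a constructed 'key=value' firewall accept-log line."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["src"], fields["dst"], int(fields["dport"])

def find_exposed_access(log_lines):
    """Return a Finding for each accepted connection to a printer
    management port from a source outside the allowlist."""
    findings = []
    for line in log_lines:
        src, dst, dport = parse_line(line)
        if dst not in PRINTERS or dport not in PRINTER_MGMT_PORTS:
            continue
        if is_allowed_source(src):
            continue
        reason = ("internal source outside allowlist" if in_any(src, ORG_NETWORKS)
                  else "external source")
        findings.append(Finding(src, dst, dport, reason))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "action=accept src=10.20.3.4 dst=10.20.5.17 dport=443",     # admin LAN, fine
    "action=accept src=203.0.113.9 dst=10.20.5.17 dport=80",    # internet -> web panel
    "action=accept src=198.51.100.23 dst=10.20.5.18 dport=445", # internet -> SMB
    "action=accept src=192.168.77.5 dst=10.20.5.18 dport=21",   # other internal segment -> FTP
    "action=accept src=203.0.113.9 dst=10.20.6.50 dport=443",   # not a printer, ignored
]

if __name__ == "__main__":
    for f in find_exposed_access(SAMPLE_LOG):
        print(f"{f.src} -> {f.dst}:{f.dport} ({f.reason})")
```

Feeding real firewall or NetFlow exports through the same logic gives a quick check that the isolation and allowlisting steps are actually in effect rather than only documented.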
