Sign up for The Key Point of View, our weekly newsletter of blogs and podcasts!
For years now, we have beaten the drum about the potential risk that Internet-connected printers and MFPs pose to an organization’s network cybersecurity. Being connected to the web and an internal LAN, these “original IoT” devices could be the unwitting bridge that allows a hacker onto the network. And with the powerful processors and relatively sophisticated operating systems used in business-class office MFPs—heck, some even have Android variants underpinning the control-panel UI—they have the computing power to run some seriously malicious malware.
So, several years ago, we decided to help the industry do something about it: We launched our MFP Security Validation testing program, and invited ethical “white-hat” hackers and document imaging OEMs to help us devise a test suite and benchmark standards for printers and other IoT hardware. The end goal was to help IT buyers recognize which devices would be less vulnerable when configured to a “business secure” posture (meaning more secure than out-of-the-box, but not Department-of-Defense level security).
Today, we are happy to announce that several more OEMs have passed the evaluation and earned our BLI Security Validation Testing seal for Device Penetration:
Brother International Corporation
Brother Security Firmware v1.x
Employed in the Brother MFC-J5955DW/MFC-J6955DW Series
Kyocera Document Solutions Inc.
Kyocera Evolution Series Firmware v1.x
Employed in the Kyocera Evolution Series
Seiko Epson Corporation
Epson Workforce Enterprise Series Firmware
Employed in the Epson Workforce Enterprise Series
These OEMs join Fujifilm (nee Fuji Xerox) HP, MPS Monitor srl, and Ricoh, all of which previously passed iterations of our security test tracks.
For the device penetration area, a combination of automated tools and manual exploitation attempts are employed by certified security experts to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web pages, connectivity avenues, and other areas of potential exploitation. Earning the MFP Security Validation seal indicates that no vulnerabilities deemed of critical or high risk (nor any of medium risk with a good probability of being found and exploited) were identified by the ethical hacker during testing of the final firmware/OS. Since new avenues of attack are always surfacing, the validation is good for a period of two years from testing or until a substantially new version of the firmware is released by the OEM (whichever comes first).
In the months ahead, we look forward to issuing similar announcements for other OEMs that decide to take up the challenge.
Visit our Security Testing landing page to see all of the cybersecurity testing and services Keypoint Intelligence offers. If you want to learn more, just send us an email at sales@keypointintelligence.com.
