It is now easier than ever to hack corporate networks through multifunction printers, which can even offer up access to Active Directory accounts according to security consultant Deral Heiland.
The moustachioed Rapid 7 tech veteran said his team now gains access to corporate active directory credentials through credentials stored in the latest printers in one in every two attempts. Four years ago they had only a 10 to 15 percent success rate.
High end Konica Minolta, Sharp, Dell, Canon and HP enterprise multi function printers spewed usernames, email addresses and passwords from address books, even after some vendors released fixes. They coughed up Active Directory usernames and application data and offered hostname information.
"We're able to gain access to Active Directory environments by extracting useable credential data from multi-function printers 40 to 50 percent of the time," Heiland (@percent_x) said. read the rest here