Report on Ripple20 threat to printer/MFPs
Research published by ExtraHop Security
- Ripple20 is a series of 19 security vulnerabilities found in devices that use software from Treck Inc. of Ohio
o Software is used to manage the TCP/IP stack in the devices
o (Many manufacturers of printers and MFPs outsource their print controller code to various software companies as they can not create internally)
- Vulnerabilities were originally discovered in June of 2020
o Could allow hacker to inject malicious code into customers network (such as
ransomware)
- Exposed Ripple20 devices exist in at least 35% of environments based on survey by ExtaHop
o According to JSOF Security, almost every US business is affected
- Treck has issued patches, but due to age and nature of the devices, the “patches may be difficult or impossible to install”
- Report states that some HP and Ricoh models are impacted, among other
manufacturers