More security threats for printers/MFPs
- Forescout Security published new report detailing how millions of IoT devices are at risk from TCP/IP stack flaws
- Named the new vulnerabilities “Amnesia 33”
- “you can crash devices with a single data packet”; stated Elisa Costante, VP of Research
- “We find that the DNS, TCP and IP substacks are the most often vulnerable”
- Flaws impact any system that is running a vulnerable TCP/IP stack, which could include printers, MFPs, medical devices, industrial control systems, routers, switches, etc.
- “Because of the absence of a software bill of materials, it is often very hard to determine whether a vulnerable software is in a device”
- (unlike many competitors, Konica Minolta-made bizhub devices use in-house developed Emperon code, and do NOT use TCP/IP code sourced from a third party)