Dave Bullock / eecue

photographer, director of engineering: crowdrise, photojournalist, hacker, nerd, geek, human

Blog

Xerox Multifunction Device In Your Network?

Brendan O

Brendan O'Connor gave a talk called "Vulnerabilities in Not-So Embedded Systems" about how easy it is to take over the computers that run the Xerox Multifunction Devices. Basically he wants people to treat these supposed embedded systems as servers which they really are. Through his research he found that the Xerox systems didn't have the GRUB boot loader locked down with a password so he was able to gain access to the system and basically do whatever he wanted with it. These systems are dangerous because they are full linux systems, but the user doesn't have access to it so they are unable to secure it. As you know services are constantly being found to be vulnerable and relying on a technician to come and patch your copier isn't going to keep your network safe. It would be wise for vendors to allow users access to these systems so that they can keep them safe.