Moscow, February 15, 2022 — Information Agency “Business-Inform” together with the Association of Quality Consumables Manufacturers and Suppliers presented the new results of research on information security issues for remanufactured cartridges and remanufactured printing devices, as well as recommendations on solving them.
Information Agency “Business-Inform” together with the Association of Quality Consumables Manufacturers and Suppliers (AQCMS), on 15th of February, this year, held the Conference “Remanufacturing of Cartridges and Printing Devices – New Issues in the Field of Information Security”. During the Conference the results of the research were shown concerning the new vulnerabilities found in office printing devices in Russian and International organizations in 2021, as well as the recommendations on how to remove them. During the Conference, a special attention was paid towards the new issues of informational protection of businesses’ corporate networks, related with a practice of using remanufactured cartridges and remanufactured printing devices. The Conference saw the participation by 217 specialists of Russian commercial and public organizations, as well as from the leading Russian and International experts in the field of information security.
During the Conference 2 reports were heard and 3 demonstrations were shown:
- “The Vulnerabilities of Printing Devices Require Constant Attention and Immediate Solution” (speaker – Stanislav Malinskiy, Russian University of Transport)
The report theses: Office printing and its managing. Microprogram, system and applied software: vulnerabilities (evident and hidden). Methods of passive and active protection. The leading manufacturing brands of printing devices and their policy in the field of information security provision. The research shows that hundred thousands of printing devices connected to the Internet remain unprotected and vulnerable against the attackers. All printing devices used in corporate networks require constant attention from information security departments, especially the remanufactured printing devices and remanufactured cartridges. CVE-2021-39238 (CVSS score: 9.3) vulnerabilities in 150 HP LaserJet and HP PageWide series models, and how to remove them. CVE-2021-3438 (CVSS score: 8.8) vulnerabilities in 380 HP LaserJet, Samsung CLP, Samsung MultiXpress, Xerox B205/B210/B215 series models, and how to remove them. Why has that vulnerability remained uncovered for 16 years? CVE-2021-20868, CVE-2021-20869, CVE-2021-20870, СVE-2021-20871, CVE-2021-20872 vulnerabilities in Konica Minolta bizhub models: patches are there but the printing devices remain unprotected. CVE-2022-23968 (CVSS score: 7.8) vulnerability in Xerox VersaLink and Xerox WorkCentre models: why since 2019 until January 2022 the manufacturer wasn’t able to release patch? The update of microprogram software of printing devices doesn’t guarantee informational safety. Passive and active methods of information security in Russian organizations and legislative limitation of its implementation. Why well-known vulnerabilities remain unfixed for a long time? The audit of printing devices in Russian organizations in 2021: main results and conclusions.
- “Remanufacturing of Cartridges and Printing Devices – New Issues of Information Security” (speaker – Stanislav Malinskiy, Russian University of Transport)
The report theses: Remanufacturing is one of the most important elements in solving environmental issues. The remanufacturing of printing devices: methods of assembly and remanufacturing, the evaluation of functionality and quality of remanufacturing. Presenting GM Technology (Spain) and its products. The vulnerabilities of printing devices – the up-to-date issue of information security for most business-networks. Microprogram software of printing devices and its updating during remanufacturing. The amount of problems of information safety grows. Laser printer and MFP cartridges and their remanufacturing; presenting quality and the most popular brands and solutions. OEM and non-OEM chips and their reprogramming; what do the OEMs and the chip-programming tool makers conceal? Threats to business information security in using remanufactured printing devices and cartridges (both ОЕМ and compatible ones).
Demonstrations of the threats and the vulnerabilities for specific printing devices:
Demonstration 1: Vulnerabilities of the most popular office printing devices presented on the Russian market. We find and analyze known vulnerabilities and the possibility of their exploitation by attackers (speaker — Stanislav Malinskiy, Russian University of Transport)
Demonstration 2: Vulnerable printing devices on the Internet. We showcase thousands of vulnerable devices from leading OEMs. Demonstrating printers with known vulnerabilities: new patches have not been installed! (speaker — Sergey Ivanov, Information Security Agency «Business-Inform»)
Demonstration 3: Reprogramming of printing devices and cartridge chips. We demonstrate and analyze new threats and vulnerabilities (speaker — Alexander Titov, INCOTEK)
The participants of the Conference discussed together with the speakers the provided information, the results of the research on the vulnerabilities found in office printing devices in Russian and International organizations in 2021, as well as recommendations on their removal. A special attention of the Conference participants was paid to wards new issues in information security of corporate networks related to the practice of usage remanufactured cartridges and remanufactured printing devices.
As a nice surprise for all the Conference participants came the new issue of BUSINESS-INFORM Review magazine (issue #33, 2021) and its appendix “Testing and Quality” (February, 2022).
AQCMS: info@aqcmsrus.ru, https://aqcmsrus.ru/?lang=en
BUSINESS-INFORM: bizinform@list.ru, https://sforp.ru/en/
