Xerox printers said to contain security hole

The Black Hat conference has heard that Xerox's WorkCenter printers may need patching again
Written by Graeme Wearden, Contributor

A US security expert has identified vulnerabilities in Xerox's WorkCenter multifunction printers, reports have claimed.

According to IDG News Service, the flaws were discussed at the Black Hat security conference in Las Vegas. Brendan O'Connor, who works for an unnamed US finance company, claimed that malicious hackers could take advantage of a configuration error in the printers' Web interface.

This would let them run unauthorised software on the printers, compromise network traffic, and access sensitive information being printed on the machines, O'Connor claimed.

Back in February 2006, Xerox admitted that its WorkCenter and WorkCenter Pro products contained flaws that could be used to bypass certain security restrictions, or conduct cross-site scripting and denial of service attacks. It released a patch which it said fixed the problem.

O'Connor, on the other handy, has claimed the flaws can still be exploited.

Xerox UK was not immediately able to comment on the claims, but a company representative at Black Hat reportedly said that an updated patch would be released soon.

Editorial standards