A vulnerability discovered in an Epson multi-functional device allows dial-up hackers to exploit the appliance.
Dial-Up Exploits Still Alive, Epson Is the Latest Case
A recently discovered bug in the firmware of an Epson multi-functional printer allows malicious users to exploit the device. Victims need to be tricked into installing malicious firmware that exploits the fax line.
The malicious firmware contains modified Linux code that gives criminals access to the network via the fax line. The root cause of the security issue is that Epson WorkForce printers do not require signed firmware images.
Attackers can insert both malware code and backdoors into the devices. The researchers note that this is a critical issue, as Epson is the third-largest printer manufacturer in the world. The criminals can upload the malicious firmware files directly using a cross-site request forgery (CSRF) attack. Such attacks can be carried out over the dial-up and fax lines as well. Possible damage includes infection of the internal network and Trojan infections.
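The control whose absence is described above is a signature check on the firmware image before it is installed. The following is an added example, not code from Epson or from the researchers; the image layout, the function names and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical image layout (constructed for this example, not Epson's format):
// "FWIM" | uint32 big-endian payload length | payload | 64-byte Ed25519 signature
var (
	magic        = []byte("FWIM")
	ErrFormat    = errors.New("malformed firmware image")
	ErrSignature = errors.New("firmware signature invalid")
)

// BuildImage is the vendor-side step: sign header+payload with the release key.
func BuildImage(priv ed25519.PrivateKey, payload []byte) []byte {
	hdr := append(append([]byte{}, magic...), 0, 0, 0, 0)
	binary.BigEndian.PutUint32(hdr[4:], uint32(len(payload)))
	signed := append(hdr, payload...)
	return append(signed, ed25519.Sign(priv, signed)...)
}

// VerifyImage is the device-side gate, run before anything is written to flash.
func VerifyImage(pub ed25519.PublicKey, img []byte) ([]byte, error) {
	if len(img) < 8+ed25519.SignatureSize || !bytes.Equal(img[:4], magic) {
		return nil, ErrFormat // too short to carry a signature, or wrong magic
	}
	n := binary.BigEndian.Uint32(img[4:8])
	if uint64(n) != uint64(len(img)-8-ed25519.SignatureSize) {
		return nil, ErrFormat // length field must account for every byte
	}
	split := len(img) - ed25519.SignatureSize
	if !ed25519.Verify(pub, img[:split], img[split:]) {
		return nil, ErrSignature // header or payload changed, or wrong signer
	}
	return img[8:split], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	img := BuildImage(priv, []byte("constructed firmware payload"))
	_, genuine := VerifyImage(pub, img)
	img[10] ^= 0xff // flip one payload byte, as a modified image would
	_, modified := VerifyImage(pub, img)
	fmt.Println("genuine:", genuine, "| modified:", modified)
}
```

With this gate in place, the public key is pinned in the device and the private key never leaves the vendor's release process, so an image delivered through any upload path is rejected unless the vendor signed it.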
According to the experts, “huge amounts of the devices produced since 1999 to use this mechanism and could be vulnerable”.
Epson has responded that it has prepared new firmware that will fix the security issues. The company has also published a security advisory.