Spectre and Meltdown Security Vulnerabilities, and your Printer

19th January 2018 | Company News | Insights

Regarding the recent Meltdown and Spectre cyber-security vulnerabilities, which exploit vulnerabilities in processors to access device memory, and thus steal user data such as passwords, messages and business-critical documents. The processor vulnerability has been identified in desktop, mobile and other devices, so United Carlton have been in touch with our vendor partners to find out what impacts this could have on our customers using our multi-function printers.

Sharp

“There is a possibility that any sensitive information, e.g. passwords or encryption keys, can be read by attackers with malicious programs using these vulnerabilities, since some process acceleration techniques implemented on the processors (speculative execution and out-of-order execution) potentially allow access to data in normally-inaccessible memory areas without any authority.

“Although some Sharp MFPs do have processors susceptible to these vulnerabilities, there are no practical impacts since they do not have mechanisms that allow for installation of malicious external programs which use these vulnerabilities.

“Sharp MFP users can use their devices with the current firmware since there are no practical impacts from the vulnerabilities. Regarding future application of security patches for the models with the vulnerable processors, we will further investigate potential risks and effects of the patches to the machines.”

Toshiba

“With regards to the question of Security Vulnerabilities, Toshiba devices do not use Intel chipsets. Anything other than print data, has to be introduced to the machine using an encrypted file which only the machine understands. Therefore to send a virus to the device is impossible.

“If a virus was sent to the device, and decrypted (which has never been done) it will have to be opened to run, which the our device are incapable of deploying, meaning that it cannot penetrate the device.

“Toshiba devices have never had any virus penetrations, we don’t use Java scripts from external sources, also, as I have pointed ,out they have to have the correct encryption method, which are only used for Toshiba devices, should any Java scripts be introduced. Security Vulnerabilities cannot be passed from the Toshiba MFP to a network.”

Lexmark

““Lexmark have looked at these vulnerabilities and our devices are not at risk, but will continue to monitor these on an ongoing basis.”

 

It’s not currently thought that the vulnerabilities present in processors have yet been used in an attack, and CPU manufacturers are working together to solve the problem. If you have any queries on the security of any devices supplied by United Carlton, please contact us and we will do our best to help.

 

Never miss a post from the United Carlton blog!

Complete the form below to sign up for our blog mailing list.