Xerox Security Message: Reminder to Set Firmware Password on Networked Printers

We continue to see news articles concerning potential vulnerabilities around certain networked products. At Xerox, a great deal of our focus goes to ensuring the safety and security of our customers’ equipment.
For years we’ve been communicating publicly the threat to embedded devices or networked peripherals. Anything connected to your network – whether a fax machine, copier, printer, scanner, or PC – is vulnerable to outside attacks. It’s a topic we discuss often on this security website, and we continue to share with our customers the importance of securing safely all of their devices.
Recent media coverage of Columbia University researchers infiltrating a competitive printer via firmware has brought this subject to light. The infiltration they conducted is certainly not easy to do, but customers need to be aware of and prepared for this vulnerability.
Specific to Xerox:

  • A firmware update function exists on Xerox Phasers and one ColorQube®(ColorQube 8570). The firmware update function can be password protected on all Xerox Phasers, enabling customers to have a first line of defense against a potential attack. Customers can access their password settings by accessing the printer’s CentreWare Internet Services security settings page reachable at https:// device_ip_address /securitysettings.html
  • Other equipment (WorkCentre® line, ColorQubes except the CQ 8570, FreeFlow® Print Server, DocuColor® models, etc.) use an entirely different upgrade mechanism and are not vulnerable to the same type of exploit.

We’re continually testing to identify new security threats to our technology. We encourage you to continue to check this site for the most recent Xerox security updates. If you have questions on how to best lock down your Xerox device, please contact your sales rep, submit a request online here, or in the U.S. call us at 1-800-821-2797.