Low Printer Firmware Update Rates Leave Millions of Devices Exposed
Study shows just 36% of firms patch printer firmware quickly, leaving devices open to hacker entry via guest Wi‑Fi; experts urge immediate updates, network segmentation and stronger print‑service contracts.

TL;DR
Only 36% of organizations update printer firmware promptly, leaving most network‑connected printers vulnerable to attack. Experts warn that an unpatched printer on guest Wi‑Fi can give hackers a foothold into corporate networks.
Context
Modern multifunction printers store scans and address books, and some contain hard drives, making them attractive targets. Many devices ship with default passwords and firmware that rarely receives updates. In 2025, hackers breached Conduent, a large printing and back‑office processor, exposing personal data of millions of Americans.
Key Facts
A global study of over 800 IT and security decision‑makers found that just 36% apply printer firmware updates as soon as they are released. Texas Attorney General Ken Paxton called the Conduent incident “likely the largest breach in U.S. history,” noting that Social Security numbers, addresses, birthdates and medical information were compromised. Cybersecurity expert Carlos Rubi warned that a hacker can reach a printer through guest Wi‑Fi and use it to pivot inside a network.
What It Means
Unpatched printers provide an easy entry point for attackers exploiting known flaws such as CVE‑2020‑10188 (HP remote code execution) or leveraging default credentials, which aligns with MITRE ATT&CK technique T1190 (Exploit Public‑Facing Application). Once inside, threat actors can move laterally, steal data or deploy ransomware. The Conduent breach shows how a compromised printing service can affect tens of millions of records.
Mitigations
Defenders should inventory all network‑connected printers, change default passwords to strong, unique values, and enable automatic firmware checks where available. Apply vendor‑issued patches promptly—HP, Xerox and Canon release monthly security advisories. Segment printers onto a dedicated VLAN and block guest Wi‑Fi access to printer ports. Monitor printer logs for unusual login attempts or outbound connections, and consider deploying intrusion‑detection signatures for known printer exploits (e.g., Snort rule 2100123). Managed print services contracts should explicitly require regular firmware updates and malware protection.
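The segmentation advice above can be checked mechanically. The following is an added example, not taken from the study or any vendor: it evaluates a first-match ACL against a printer inventory and reports which print ports guest Wi‑Fi hosts can still reach. The subnets, the rule tuple format and the printer addresses are constructed assumptions.

```python
import ipaddress

# Standard print-service TCP ports.
PRINT_PORTS = {515: "LPD", 631: "IPP", 9100: "RAW/JetDirect"}

# Constructed first-match ACL: (action, source CIDR, destination CIDR, port or None = any).
# 10.50.0.0/24 is the assumed printer VLAN, 192.168.99.0/24 the assumed guest Wi-Fi.
WEAK_RULES = [
    ("allow", "10.10.0.0/16", "10.50.0.0/24", 631),      # staff -> printers, IPP
    ("deny", "192.168.99.0/24", "10.50.0.0/24", 9100),   # guest -> printers, raw only
    ("allow", "192.168.99.0/24", "0.0.0.0/0", None),     # guest -> "internet"
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]
# Corrected: deny guest -> printer VLAN on every port before the broad allow.
FIXED_RULES = [WEAK_RULES[0],
               ("deny", "192.168.99.0/24", "10.50.0.0/24", None),
               *WEAK_RULES[2:]]

def first_match(rules, src, dst, port):
    """Action of the first rule matching src -> dst:port (implicit deny)."""
    for action, src_net, dst_net, rule_port in rules:
        if src in src_net and dst in dst_net and rule_port in (None, port):
            return action
    return "deny"

def guest_exposure(rules, guest_cidr, printers):
    """Map each printer IP to the print ports any guest host can reach."""
    parsed = [(a, ipaddress.ip_network(s), ipaddress.ip_network(d), p)
              for a, s, d, p in rules]
    guests = list(ipaddress.ip_network(guest_cidr).hosts())
    exposed = {}
    for printer in printers:
        dst = ipaddress.ip_address(printer)
        ports = [port for port in sorted(PRINT_PORTS)
                 if any(first_match(parsed, g, dst, port) == "allow" for g in guests)]
        if ports:
            exposed[printer] = ports
    return exposed

if __name__ == "__main__":
    # Constructed inventory: two printers on the VLAN, one left on the staff LAN.
    inventory = ["10.50.0.21", "10.50.0.22", "10.10.4.7"]
    for label, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(label, guest_exposure(rules, "192.168.99.0/24", inventory))
```

Even with the corrected rule, the printer that was never moved onto the dedicated VLAN stays reachable from guest Wi‑Fi, which is why the inventory step comes first.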
Looking ahead, watch for upcoming printer‑specific guidance from the FBI’s CJIS Division and for manufacturers to release unified firmware‑management tools that simplify patching across fleets.