09-22-2016 07:44 AM - edited 09-22-2016 07:57 AM
I want to disable the potential for Xerox to remotely install firmware updates without my consent, on my Phaser 6020.
Is there anyone on here who knows how I could do this?
Solved! Go to Solution.
09-22-2016 12:31 PM - edited 09-22-2016 12:51 PM
Xerox has no ability to do that so there is nothing to disable, it has to be done on site.
They can be set to download firmware from remote on select models, but the remote is a server of your choice, not a Xerox server and it is done via FTP/SMB at a time of your choosing.
There is a future project where Xerox will be able to update Connectkey models remotely if asked by the customer, but it would not be initiated without the request, Xerox has no servers that could handle that kind of throughput (Firmware can be 50MB or 1GB and that file would have to go out to 10's of thousands of devices) If Google can't do that with Android, there is no chance Xerox can do it with printers.
If you still think Xerox can do it, and will, just port filter any IP address starting with 13.
09-22-2016 02:11 PM
09-22-2016 02:36 PM
Links are fine as long as it isn't trying to sell things or spam the board. No issue when the link is relevant.
The difference is in the details, from what I understand HP can't blindly update the devices, but they have software you can install that will from your PC if you don't un-check the box to allow it during install. I haven't looked into it much as I don't have one personally (Why buy a home printer when I have a lab full of equipment from $300-$300,000 and paper/ink staples are free ;-))
I know they had an issue a while back (quite a while) where the printer itself could be hacked. (theoretical)
In any case, I would imagine most devices from most companies themselves are relatively untouchable, unless you put them on a DMZ or open to the Internet.
And we are not just talking about one manufacturer like that article talks, go to the webpage built into any printer, if the addressbar gets lots of junk not related to the IP address, that junk can be searched online, if somebody put their printer on the Internet (100% their fault) it is an attack vector for SQL injection (possibly), it can be printed to and it can have it's settings changed and firmware changed.
But still, that means the user put it on the Internet, either intentionally or not, the manufacturer can't be accountable to the users choices. But they should be accountable in cases where they actively change a device without any consent, either by person, or by license agreement/lease agreement. (And as much as I hate it, if they hid it on page 973 of a license agreement, as long as I/you clicked I accept the fault isn't theirs)
<No I have not read the License agreement either, but I definartely un-check every single box during install until it won't let me continue, then read the one that stopped me, with everything I ever install>