People you don’t know could use your printer to hurt strangers you’d never know. That’s like participating in a crime without knowing or doing anything.
Using specialized search engines like Shodan, hackers could gain access to your copier, hijack it and use it to attack websites and other internet-connected devices. All without you knowing a thing about these attacks.
That was what happened in October 2016. Attackers used the Mirai botnet to hijack more than 100,000 internet connected devices and then used those devices to attack services like Spotify, Etsy, Twitter, Reddit and Netflix, even Russian Banks.
Your network printers could be attacked or used to others. A survey sponsored by major ink and toner manufacturer and independently carried out by Ponemon Institute revealed some staggering facts and figures.
From the survey, sales and human resources departments were the most vulnerable to security breaches. Results gathered from 93 percent and 76 percent of sales and HR respondents, respectively, shows they have the highest printer-related vulnerabilities.
This is what a Shodan search engine report page looked like when I searched for “Printers.”
Printers: Entry Point for Hackers
Of course, HR and sales were not the only departments with lax access to their printers and that had poor security practices. Printers used by executive management were found open to attacks and hackers.
In fact, 60 percent of the companies that responded to a major manufacturer’s survey have had data breaches that involved printers. Not so surprisingly, almost half of the enterprises surveyed were utterly unsecured from unauthorized access to their network-connected printer mass storage.
Peter Kim authored the book The Hacker Playbook 2: Practical Guide to Penetration Testing. Kim is a hacker and top-rated penetration tester, he’s been able to compromise several companies (including financial institutions) using their printers as entry points.
Image Credit: Paul Digby
Printers are so vulnerable that only 30 percent of companies in the Ponemon survey have a process for spotting high-risk printers. Most companies don’t even have a clue what printers to discard or disconnect from their network in the event of an attack.
Printer Security is the Blind Spot of IT Admins
Employees and IT administrators instinctively overlook printer security risk. According to 64 percent of respondents in the Ponemon survey, their organizations perceived laptop and desktop computers as having more data risk than printers.
Consequently, at 44 percent, less than half those companies included network-printers in their security policy.
Interestingly, 62 percent of survey participants are doubtful that they could prevent hackers from stealing data from their printer mass storage. Printers are vulnerable to unauthorized access via open ports and WiFi.
IT admins hardly see multifunctional network printers as the networked computers that they are. Hackers see that lax in security and exploit it.
The above-mentioned survey showed that 56 percent of participants believe that their company’s employees don’t think printers pose any serious security risk. Company staff would easily expose confidential and sensitive information, unknowingly when using printers.
Let’s explore specific actions you can take to secure your printers from device compromise, unauthorized access, print configuration changes, and eavesdropping.
Indicators for investigating Potential Cyber-crime Risks on Printers
Financial institutions and CIO of corporations (and startups) need to take more proactive steps to stop cyber attacks. Your company must develop and continuously update security policies, technologies, and processes as new solutions and concerns emerge.
Your management should consult cybersecurity specialists to create measures for mitigating cybersecurity risks. The organization should assess its end-to-end technology and levels of cybercrime risk exposure on its printers using the indicators below:
-
Any unauthorized configuration changes or alterations that you can’t explain.
-
Unusually high bandwidth usage or delays in network time of devices.
-
Increased communications with unknown email and IP addresses.
-
Time-stamps are illogical or do not align.
-
The organization’s firewall must cover the printers.
-
Restrict devices not from the company from connecting to your printers.
-
Fixed maintenance schedules should be kept for firmware review, update, and implementation.
Manage Your Company’s Printer Access
Ideally, you should get a network security specialist to help you with your managed printer access. However, you should have some knowledge of what the network specialist is doing. Managing your organization’s printer access involves three processes,
1. Restrict your printer from the public internet.
2. Change the default password of your admin control panel webpage.
3. Use only connection that’s encrypted when accessing your admin control panel.
Restrict your printer from public internet and devices
Restrict your printer from open internet and make sure it’s configured to work with only networks and devices you’ve approved. Here’s how to do it
-
Consider using an RFC1918 private IP address space to restrict printer access to your company hosts. This step ensures printers are unreachable from the internet.
-
Use an IST network firewall to restrict access to your printers.
-
Restrict device or subnet access by configuring your printer’s access control list (ACL).
-
Disable internet routing to restrict printing to your local network segment. Implement this step by removing the default gateway in your printer’s IP configuration.
-
Block your printer from public internet access using a low-cost hardware firewall.
-
Set up a separate machine as a dedicated printer server with appropriate access controls.
Change your admin control panel webpage default password
Just as simple as that. Change your admin password.
Hackers start attacking from the simple things like finding out if you have weak passwords. Hackers could use your default password to
-
Alter your printer’s network address and reroute your printing
-
Make the device inoperable through a Denial of Service (DoS) attack.
-
Use the printer to attack or hack other systems within your network.
-
Install malware and access the printer remotely
Use only connection that’s encrypted when accessing your admin control panel
If you’re accessing your printer interface over a web browser, make sure to use an address with a secure socket layer (i.e., https://) as against one that doesn’t have it (i.e., http://). If you use a command line access, block eavesdroppers by using SSH in place of Telnet.
Restrict Printers from Running Unverified Services
Lots of printers are running on automatically enabled, unnecessary, and insecure protocols like FTP, Telnet, and HTTP. Hackers could access your printer data directly if you keep the default services running. Malicious attackers could enter into your printer’s hard drive and collect all the data stored there.
Protect your printers from being used for unauthorized purposes by disabling its default services. Breached printer storage could be used to store pornography or deployed as an FTP server for copyright protected documents, movies, and music.
Effect Updates and Patches Promptly
Printers, just like desktop and laptop computers, need updates and patches. Make a habit of checking for firmware updates on your printers and network devices. Updates may patch security vulnerabilities and have improved or additional security features.
Final Words
Security is a complicated issue to address efficiently and is growing more complex with advanced challenges like DoS and ransomware attacks. Hackers are looking for overlooked and little-known security leakages. Unfortunately, IT departments are not seeing printers as computers, so savvy attackers are utilizing that loophole to their advantage.
Using the help of qualified security professionals to help manage technical issues and the guidance of this article, you can save your company some serious money and damages.