Why Hack a Printer?

Stop for a moment and consider the information most critical to your organization. It likely includes social security numbers, account balances, and business plans. This data is guarded carefully, stored in secure servers that are always updated, on workstations with stringent password protection, and on encrypted drives for storage. However, there is one place in almost every organization where data is passed freely: through a printer. The overwhelming sentiment regarding this fact is one of dismissal. After all, what harm can a printer cause?

At their most complicated, printers are little more than copiers that can distribute an email. What could a hacker possibly do? Print a ream of test pages and cause the printer to run out of ink? It is this very attitude that leads to the use of insecure protocols and to practices such as keeping the same administrator credentials the printer had the day it arrived at your office, and it can result in unidentified vulnerabilities.

For the successful social engineer or hacker, a printer can provide a wealth of information. Even the simplest printers have web pages for remote administration, which often provide print logs to anyone who accesses them, without requiring authentication. Logs can reveal usernames and document titles, which may include information such as customer/member names or the location of shares. While the information revealed can be minor, it could prove useful to an attacker in further exploits.

More Printer Capabilities = More Vulnerabilities

The level of information disclosure only increases as printer capabilities increase. Many offices include one, if not more, full-size copiers that can not only print, but scan, fax, and email. Administration consoles can reveal logs, address books, mail servers, and locally saved files. In some cases, with the change of a few settings, every scanned document can be sent to an arbitrary email address with no interruption in regular service. That means every loan application, account statement, and customer/member correspondence that goes through an organization’s printer could be appearing in a hacker’s inbox, providing them with a wealth of sensitive information.

In addition, network-connected printers can be used as a doorway to other systems. In one lighthearted example, a hacker who attended a conference in 2014 proved that he could install arbitrary code onto a Canon Pixma printer by installing the video game Doom. A skilled attacker could use a weak printer as an entry point into the internal network of an organization, pivoting from it to more critical systems such as workstations or, worse, data servers.

An Easy Fix

While printers can provide easy wins for an attacker, protecting them from compromise is even easier. The simplest step is to configure a secure administrator password on all printing devices. Most printers have a default password that is very simple to guess, such as ‘password’ or ‘123456.’ A password that has a combination of letters, numbers, and symbols can help prevent unauthorized access. Furthermore, if additional security options are available, they should be enabled on all printers. This includes, but is not limited to, requiring authorization to view logs or configurations, disabling insecure protocols such as Telnet and HTTP, and setting up alerts for suspicious activity.
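
The checks above can be run against your own printer inventory on a schedule. The following is an added example, not code from the original article: it flags Telnet or HTTP listeners and a job-log page that answers without credentials. The log page path is vendor specific and is an assumption supplied by the caller, as are the function names.

```python
import socket
import ssl
import sys
import urllib.error
import urllib.request

# Cleartext management services the article recommends disabling.
INSECURE_PORTS = {23: "Telnet", 80: "HTTP"}

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_status(url, timeout=3.0):
    """Status of a GET sent with no credentials, or None if unreachable."""
    # Printers usually ship self-signed certificates, so skip verification
    # for this status-only check; no credentials are sent.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # 401/403 here means the page demands authentication
    except (urllib.error.URLError, OSError):
        return None

def audit_printer(host, log_path, probe=tcp_open, fetch=http_status):
    """Return hardening findings for one printer (empty list = none found)."""
    findings = []
    for port, name in INSECURE_PORTS.items():
        if probe(host, port):
            findings.append(f"{name} (tcp/{port}) is enabled; disable it")
    for scheme in ("https", "http"):
        url = f"{scheme}://{host}{log_path}"
        # 200 may also be a login form after a redirect: confirm by hand.
        if fetch(url) == 200:
            findings.append(f"{url} answered 200 without credentials")
    return findings

if __name__ == "__main__":
    # Usage: audit.py <log-page-path> <printer-host> [...]
    for printer in sys.argv[2:]:
        for finding in audit_printer(printer, sys.argv[1]):
            print(f"{printer}: {finding}")
```

An empty result only means these specific checks passed; the administrator password still has to be verified separately.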

Unsecured printers pose a real threat to organizations today and can lead to increased IT security risk. Taking a few simple steps to mitigate the risk associated with network-enabled printers is an easy way to enhance your cybersecurity posture and protect the sensitive data of your organization as well as your customers/members.