Story image

Why your printer could be the doormat to your network

14 Mar 2017

For years, networked printers have left gaping holes in business defences.

Flaws within printers can permit print docs to be captured, allow buffer overflow exploits, disclose passwords or cause printer damage.

We recently reported the news of a kid hacker breaking his way with ease into more than 160,000 printers worldwide.

Chief of security strategy at SentinelOne, Jeremiah Grossman says printers can expose users to many different kinds of attacks.

According to Grossman, these include:

  • Hackers can use vulnerabilities to capture old printing logs and steal sensitive information. They may also exploit these flaws to break into a networked device and move laterally through a business to gain more information.
  • Attackers can gain control of networked printers to use one company’s bandwidth to attack other businesses and individuals around the globe via DDoS

Obviously, one of the main drivers of the issue is a lack of awareness.

"Most of the time, printers are not going to be terribly different from any IoT device," Grossman says.

"Normally, the purchasers of network-connected printers aren't concerned. "'Why should I be concerned about a printer?' they ask. "But it's not just a printer; it's a computer inside a printer and should be treated as such."

Another issue is ownership, as printers are shared devices in an office it can often be unclear just what department they belong to, leading to ambiguity over who should be maintaining the security.

One of the longstanding issues, according to Grossman, is vendors not supporting patches on older devices. Businesses have the information they need to protect themselves, but they won’t be secure due to lack of incentive in the system.

What is concerning, is that printers will become more popular targets over time. Grossman asserts that currently the most popular (and easiest) methods of entry for hackers include web hacking and email attacks, but gradually this will change to IoT as we become more connected and computers and operating systems more secure.

Here are some simple methods to better secure your printer and network:

  • Regularly check manufacturer websites to see if patches are available
  • Isolate printers on local networks separate from PCs
  • Periodically update passwords
  • Use intrusion detection

It’s also vital to buy your printer hardware from a trusted manufacturer, like Fuji Xerox, and to ensure your equipment remains modern.

At the end of the day, printers are low-hanging fruit for hackers, and it’s up to businesses to ensure they remain out of reach.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.