Printers – The soft underbelly of your network?
Today we are plugging more and more devices into our networks, from voice assistants and home heating, to cameras and kettles. We are understandably concerned about keeping these networked, non-PC, keyboard-less devices up to date and secure. But there is one device on most of our networks that is often overlooked, sitting there happily doing its job without people ever checking for updates. It’s the humble printer.
Finding personal data in a dumpster
I first realised that printers could be a serious vulnerability when I worked on a case that involved a cosmetic surgery clinic which had suffered a pretty serious data breach. It hadn’t come from a sophisticated actor though. Not even close. The data had been stolen in a very different way. The clinic had a printer in the main reception area. It had stopped working and the manager told the receptionist to throw it out. She had thrown it into the dumpster out the back of the clinic. Someone had found it, taken it away and managed to extract the data held on the internal memory of the printer. The data extracted included booking forms for clients, the procedures they were having done, their address, email, phone numbers and more. When we interviewed the head of the clinic, he said to me “I never thought of the printer as a computer. Of course, we would wipe the PCs before we discarded them. I never thought of doing anything for the printer.”
Printers: an attacker’s best friend?
It should come as no surprise that as printers have been on our networks for many years, many of them don’t necessarily come secure out of the box. This can greatly help white hat and black hat hackers alike. Andy Johnson from Brother, UK notes “More than one in ten of all security incidents that affect businesses involve a printer, 59% of which result in data being lost”.
Printers are an interesting target for me, as a white hat hacker. They can allow access into the network, process very sensitive information and are usually among the most ignored devices on a network when it comes to security. A simple search of the internet of things search engine, Shodan, can readily identify thousands of vulnerable printers around the world.
Printers are more like computers nowadays. They have developed to include additional services, such as the ability to receive print jobs from email, and some connect directly to the internet. These functions are popular because they allow organisations lots of flexibility in how they work, but for white hat hackers (and black hats) they can hand us potential routes into the organisation.
Going for the low hanging fruit: default credentials and old devices
The biggest issue I find is that organisations will unbox their printer and leave the default login credentials in place. These are very easy to discover and mean that the printer can be easily compromised. I see this a lot in smaller organisations, especially high street law firms and accountants. These businesses also often have old printers. These old devices were made at a point in time when security was not as high up the business agenda as it is now, and their security reflects that. If these businesses upgraded to more modern devices, they would be much more secure.
As a hacker, once I have control of your printer, I effectively have a “computer” that is working for me inside your network. I can then do all sorts of things, including accessing other computers on your network, executing code or even sending phishing emails to your staff!
If an attacker can sit quietly on your network exfiltrating documents from the departmental printer in your corporate Mergers and Acquisitions department, they’ve got a pretty successful business model right there! Even fairly innocuous documents can have huge value to criminals.
Defending your printers
If you are not yet considering printers as part of your organisation’s attack surface, you certainly should be. The good news is there are some simple things you can do to make your printers, and organisation, a lot more secure.
1. Ensure that you encrypt documents right up until the moment that they become hard copy. Then make sure that only the person who has printed the document can collect it. You can do this by using a card-based user authentication solution.
2. Wipe the internal storage of the printer before you dispose of it. This can be done digitally, but the storage may need to be physically destroyed.
3. Ensure all updates get applied. Printer manufacturers will send out regular updates, so make sure you are checking for and applying the updates being issued. Signing up for MPS (Managed Print Services) is a great way to ensure you are on top of all the latest updates.
4. Change the default credentials when you get your new printer and disable any functionality that you don’t use.
5. Use tools to monitor for unusual activity on your network. You would expect your printer to be operational during normal working hours, but at 5 am on a Sunday you might need to raise an alert.
6. Only use consumables (toners, cartridges) that come with a data security guarantee. This is guaranteed if you sign up for Managed Print Services (MPS). Make sure that the consumables you purchase for your printer have been tested and approved by an independent authority.
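The off-hours check from step 5, sketched as an added example that is not part of the original article. The flow-log format, the office hours, the internal address range and the printer address are all assumptions, and the sample records are constructed.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): office hours Mon-Fri 08:00-18:00,
# a 10.0.0.0/8 internal range, and a "timestamp src dst bytes" flow log.
WORK_DAYS = range(0, 5)             # Monday=0 .. Friday=4
WORK_HOURS = range(8, 18)           # 08:00 up to 17:59
INTERNAL = ip_network("10.0.0.0/8")
PRINTERS = {ip_address("10.0.20.15")}   # constructed printer address

# Constructed sample flow records; 2024-03-10 is a Sunday.
SAMPLE_LOG = """\
2024-03-08T10:14:02 10.0.20.15 10.0.5.31 18234
2024-03-10T05:02:47 10.0.20.15 203.0.113.50 48211904
2024-03-10T05:03:10 10.0.5.31 10.0.20.15 5120
2024-03-11T19:30:00 10.0.20.15 10.0.5.40 900
not a flow record
"""

def off_hours(ts):
    """True when the timestamp falls outside the assumed office hours."""
    return ts.weekday() not in WORK_DAYS or ts.hour not in WORK_HOURS

def printer_alerts(log_text):
    """Return one alert per printer flow seen outside office hours."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # wrong field count: skip rather than crash
        try:
            ts = datetime.fromisoformat(parts[0])
            src, dst = ip_address(parts[1]), ip_address(parts[2])
            nbytes = int(parts[3])
        except ValueError:
            continue  # unparseable field: skip the record
        if not ({src, dst} & PRINTERS) or not off_hours(ts):
            continue
        # A printer sending data outside the internal range is the worse case.
        outbound = src in PRINTERS and dst not in INTERNAL
        alerts.append({"time": ts.isoformat(), "src": str(src), "dst": str(dst),
                       "bytes": nbytes, "severity": "high" if outbound else "low"})
    return alerts

if __name__ == "__main__":
    for alert in printer_alerts(SAMPLE_LOG):
        print(alert)
```

In practice the same rule would run in whatever network monitoring tool you already use; the point is that the printer's address gets its own time-of-day and destination baseline.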
There is some excellent research conducted by Brother on printer security and how to protect your printers and sensitive documents. You can read the full report here https://ter.li/jqzekv