Network printers are a favourite hacker target Network printers are a favourite hacker target
Cyber attackers like them because often, printers aren't as secure as they should be. Here's how to fix that. Network printers are a favourite hacker target

If you’ve been involved in IT security in any way in the past few years, you’ve noticed by now that we live in an age where any computerised device with a connection to the internet is vulnerable to attack.

Of particular interest to cybercriminals are “Internet of Things” devices that can be easily overtaken and added to “botnet armies” that can be used in Distributed Denial of Service attacks, and ones that can be co-opted into being a back door into a corporate network.

Security issues are so common among IoT-capable devices that it could be argued that tech companies and IT staff are unable to do much about them.

The problem is so bad, that earlier this year a (somewhat) ethical hacker engineered malware that actively searches the internet for devices with unchanged default settings, attempts to secure them, and if it can’t, it “bricks” them by corrupting their firmware.

Fortunately, there are a few things that can be done to at least make hacking these devices more of a challenge.

Printers are popular

While compromised Wi-Fi surveillance cameras and internet-enabled DVRs have received the most attention, printers are also a popular hacker target for a number of reasons. First, just about every business has one and second, the computers built into printers are quite versatile in that they can be convinced, though creative programming/malware, to do more than just print/scan/copy.

But the most crucial reason is that they too are not always locked down tight in terms of their network security, or their internal security that concerns who can and can’t use them. Hackers have, in the past, used compromised printers to host illicit content, download copyrighted materials and even snoop on print jobs, so locking them down is essential.

Get the basics right

The tragedy here is that by “not always locked down tight”, I mean simple things like the default admin username and password not being changed since the printer was initially set up, the printer having unrestricted internet access, no credential management being applied or printers running protocols they don’t need to that can be exploited.

In fact, printers are such a popular method for criminals to gain access to corporate networks that HP says that “60% of companies experienced data breaches involving printers”.

The problem is not so much that security features don’t exist to secure the printing process, because there are plenty; it’s that actually making use of them makes the printing process difficult for end users. It’s sort of like putting too many locks and chains on a physical door – unlocking becomes such a mission that people are tempted to just leave it unlocked.

Fortunately, there’s a middle path to follow: industry-standard best practices, which are detailed below.

Best Practices

  • Change the default username and password for the admin account. If you do only one thing on this list, do this.
  • Do not expose printers to the public internet. If you can, limit access to devices on the organisation’s internal network only.
  • If it must access the internet, restrict access to a closely-monitored list of approved devices.
  • Use an encrypted connection when accessing the admin control panel to ensure nobody can snoop on the session, steal credentials or make unwanted changes to the printer’s UI.
  • Don’t run services the printer doesn’t need – Telnet, HTTP, FTP and the like. This will prevent printers from being used as a download/hosting server.
  • Make firmware update checks part of your corporate patch management regimen to ensure printer firmware is always up to date.

No comments so far.

Be first to leave comment below.

Leave a Reply