Your Insecure Printer is a Playground for Cyber Criminals

Anne Oikarinen

February 27, 2017 at 10:30

Did you know your office or home printer could pose a security threat?

Recently, a hacker printed ASCII art out of 160,000 printers. About a year ago, a security researcher revealed how thousands of misconfigured enterprise printers can be used as an anonymous file sharing platform. And just last October, printers and other vulnerable IoT products enslaved in the Mirai botnet created DDoS volumes never seen before. No wonder some consider printers to be among the most insecure devices.

Easy to Find, Easy to Exploit

A quick look at Shodan or ZoomEye is a sad sight. These search engines dedicated to finding internet-connected devices quickly reveal thousands of misconfigured printers and scanners. It’s as simple as googling. Instead of interesting web articles or funny pictures, you can find hundreds of printers with open Samba shares or thousands of printers in Finland with open ports exposed to the internet - vendor name and model information included. This is stuff that should only be seen inside your office network. And yet it’s there for everyone to find.

Exploiting the vulnerabilities is almost as easy. With the vendor and model information acquired from these IoT search engines, you can use various vulnerability databases and exploit databases, such as the ExploitDB, to find proof-of-concept code or even ready-made exploit modules to just plug, play and pwn. You’ll probably find a YouTube video tutorial as well.

Cyber Criminals Will Take Advantage of Your Weakest Point

Vulnerable or misconfigured printers can be used for fun or demonstration purposes as in the ASCII art printing example. Participating in a DDoS is bad but it does not directly hurt your company (except that you might not be able to print while your printer has other things to do).

Vulnerable printers can also be used for serious profit. Criminals will surely exploit your weakest link in cyber security. An advanced persistent threat may slowly creep into your corporate network by using a misconfigured printer. Stolen documents from your printer share? Good material for faking more convincing spear-phishing emails. Remote code execution on your scanner? Handy for proxying out all your documents. Got root? The hacker might too, if you reused admin passwords that are stored in plain text on the printer, or if your printer can be used as a jump point deeper into your network.

Did you Wipe the Disk?

Privacy and the data life cycle are another often overlooked concern. Multifunction office printers store copies of your printed and scanned confidential documents, including contracts and personal information. The hard disk of the printer may not even be encrypted. When the printer is thrown away or moved to another site, do you wipe the disk? Or what if the printer is connected to the internet by mistake and the documents are there for all the world to see?

Secure Your Printer

Remember that your multifunction-printer-scanner-fax-thing sitting in the office corner is more than meets the eye. It is actually a networked server with file sharing and emailing capabilities. It has an embedded web server and network management agents for configuration purposes.

Printers, just like any other servers, require vulnerability management and patching. Be sure to harden your printer by changing default passwords, disabling unnecessary protocols and services, and using disk and traffic encryption. Proper network segmentation, firewalls to restrict traffic, and logging are also important. Even better if you can use policy-based configuration to apply the settings automatically to each device.
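
The hardening checklist above can be run as a policy check across a whole printer fleet. The following is an added example, not part of the original post: the inventory schema, field names, device names and version numbers are all assumptions made for illustration, not any vendor's export format.

```python
# Added example: audit printer settings against a hardening baseline.
# The inventory schema and all field names are assumptions, not a vendor format.
BASELINE = {
    "allowed_services": {"ipps", "https", "snmpv3"},  # anything else should be off
    "min_firmware": "4.2.0",                          # constructed version number
}

# Constructed sample inventory (hypothetical devices).
INVENTORY = [
    {"name": "mfp-lobby", "admin_password_is_default": True,
     "enabled_services": ["ipps", "https", "telnet", "ftp", "snmpv1"],
     "disk_encryption": False, "firmware": "4.1.9",
     "internet_exposed": True, "syslog_target": ""},
    {"name": "mfp-finance", "admin_password_is_default": False,
     "enabled_services": ["ipps", "https", "snmpv3"],
     "disk_encryption": True, "firmware": "4.10.0",
     "internet_exposed": False, "syslog_target": "10.0.0.5"},
]

def version_tuple(version):
    """Parse '4.10.0' into (4, 10, 0) so that 4.10 sorts after 4.2."""
    return tuple(int(part) for part in version.split("."))

def audit(device, baseline=BASELINE):
    """Return the list of baseline violations for one device record."""
    findings = []
    if device["admin_password_is_default"]:
        findings.append("default admin password still set")
    extra = sorted(set(device["enabled_services"]) - baseline["allowed_services"])
    if extra:
        findings.append("unnecessary services enabled: " + ", ".join(extra))
    if not device["disk_encryption"]:
        findings.append("disk encryption disabled")
    if version_tuple(device["firmware"]) < version_tuple(baseline["min_firmware"]):
        findings.append(f"firmware {device['firmware']} is below {baseline['min_firmware']}")
    if device["internet_exposed"]:
        findings.append("reachable from the internet")
    if not device["syslog_target"]:
        findings.append("no remote logging configured")
    return findings

def audit_fleet(inventory, baseline=BASELINE):
    """Map device name -> findings, listing only non-compliant devices."""
    return {d["name"]: f for d in inventory if (f := audit(d, baseline))}

if __name__ == "__main__":
    for name, findings in audit_fleet(INVENTORY).items():
        print(name, *findings, sep="\n  - ")
```

Firmware versions are compared as integer tuples because a plain string comparison would rank "4.10.0" below "4.2.0" and flag a patched device as outdated.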

So next time you are planning a system audit remember that printers are servers too. If misconfigured, they might expose your corporate network to criminals.
