Your printer can be a dangerous, overlooked attack surface
The end of 2018 saw a rash of cyberattacks mounted by way of networked printers. In one notable incident, as reported by Kaspersky, a hacker targeted 50,000 printers and caused them to print a message supporting a YouTuber named PewDiePie. According to Kaspersky, the hacker had utilized Shodan, a search engine for devices, and found no fewer than 800,000 vulnerable printers from which to choose. This story, and many others like it, should alarm anyone tasked with cyber security duties. The ubiquitous printer can be a dangerous, overlooked attack surface.
Why do networked printers create risk exposure?
Most of us think of printers as peripheral devices that attach to our computers. Even as printers have grown vastly more sophisticated and connected, we tend not to think of them as connected devices, which is what they are. Even the IT department may fall into this complacency, focusing instead on more obvious security work like patching employee PCs or monitoring BYOD smartphones.
A networked printer is an often underestimated point of vulnerability. Unlike earlier printers, which only connected to computers directly through a USB port, most of today’s printers are network enabled. A printer is simply another connected device. You send documents to print over Ethernet or Wi-Fi.
Like any other connected device, the printer is accessible to anyone with access to the internal network. Often, it is also accessible to anyone on the internet. This arrangement is common because people may want to look up and print web pages directly from the printer, scan and email documents from the printer or use the device to send or receive faxes. These kinds of use cases require the printer to publish itself on the internet. Even if the printer connection is limited to the internal home or organization network, it can be accessed externally from the internet if the internal network is not set up and secured properly. Thus, a network-enabled printer can be accessible to anyone with internet access.
As the PewDiePie attack shows, many printers are not properly secured. There are many reasons for this, but the most common is that printers are unpatched and running outdated firmware versions. Unlike PCs or smartphones, where software and firmware updates are executed automatically over the air, most printers still require manual updates, wherein the user manually downloads the latest firmware to an external device and installs it into the printer.
Moreover, printer users are often not aware that they should check for firmware updates, and they rarely receive notifications from the printer manufacturer that a new firmware version is available. Many owners regularly use printers running old firmware with many known vulnerabilities, just waiting to be exploited. Malicious actors can search the internet for printers running old firmware versions that can be accessed remotely, or use Wi-Fi from outside an office building to look for vulnerable printers.
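The two conditions described above, a printer reachable on a public address and a printer running firmware older than the current release, can be checked against an asset inventory. The following Python sketch is an added example, not part of the original article; the inventory, model names, addresses and firmware versions are constructed, and it assumes firmware versions are dotted numbers.

```python
import ipaddress

# RFC 1918 private ranges; an address outside them is publicly routable.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed baseline: newest firmware per model (hypothetical models/versions).
LATEST_FIRMWARE = {"ExampleJet 400": "2.10.0", "SampleLabel 20": "1.2.0"}

# Constructed inventory; names, addresses and versions are made up.
INVENTORY = [
    {"name": "lobby-mfp", "model": "ExampleJet 400", "address": "192.168.10.25", "firmware": "2.9.1"},
    {"name": "finance-laser", "model": "ExampleJet 400", "address": "203.0.113.40", "firmware": "2.10.0"},
    {"name": "warehouse-label", "model": "SampleLabel 20", "address": "198.51.100.7", "firmware": "1.0.9"},
    {"name": "hr-inkjet", "model": "UnknownBrand X", "address": "10.4.4.12", "firmware": "3.0"},
]


def parse_version(text):
    """Turn '2.10.0' into (2, 10, 0) so 2.10.0 sorts after 2.9.1."""
    return tuple(int(part) for part in text.split("."))


def audit_printer(printer):
    """Return a list of findings for one inventory record."""
    findings = []
    addr = ipaddress.ip_address(printer["address"])
    if not any(addr in net for net in PRIVATE_NETS):
        findings.append("public-address")
    latest = LATEST_FIRMWARE.get(printer["model"])
    if latest is None:
        findings.append("no-firmware-baseline")
    elif parse_version(printer["firmware"]) < parse_version(latest):
        findings.append("outdated-firmware")
    return findings


def audit(inventory):
    """Map printer name -> findings, keeping only printers with issues."""
    report = {p["name"]: audit_printer(p) for p in inventory}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

A private address alone does not mean a printer is unreachable from outside, since a misconfigured network can still expose it, so this check complements rather than replaces a review of firewall and router rules.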
Hackers can take over a printer by sending malware to it over the web or through a digital fax. Once they’ve taken over the device, attackers can use the printer to access other devices on your network. Since the printer is relatively trusted by your network, it can be used as the hacker’s gateway to your other network-connected devices. For example, it can be used to access your network drive, your PC, or a security camera that shares the same home or business network. It’s a point of entry from which hackers can access or attack other devices, disrupt your business, steal data or eavesdrop on communications.
The risk we face from connected devices and the Internet of Things:
Disturbing as the printer hacks may be, they are really just part of a much bigger problem: the risk we face from connected devices and the Internet of Things (IoT). We’re familiar with printers, so we can picture how attackers exploit them. But what about the billions of other devices we don’t think about? They could also be vulnerable, from connected thermostats to connected light bulbs. Who ensures these devices are secure and continue to be secure for the coming years in which they serve us? Who ensures they continue to be patched with updated software?
Any device’s software or firmware will eventually become outdated and will need to be updated to maintain its security level. With no clear and easy way to update the software of these devices, and with no guarantee from device manufacturers to maintain software updates for years to come, these innocent-looking devices will eventually become vulnerable and will be used by hackers as a gateway to attack other devices on your network and to gain unauthorized access to private information they process and store.