Last week, I wrote about how weak printer security remains in general. I included a few tips but I do not know if the message got through. Users still tend to think of printers as dumb USB or wireless devices. Modern printers are powerful computers in their own right and when you connect that to your network, you are inviting hackers of all kinds to tinker and maybe worse. Case in point, a few years back, researchers at Context Information Security hacked a Canon Pixma printer to run the classic 90s shooter Doom. It might not be malicious but it definitely demonstrates how the CPU and memory power of printers should not be overlooked.
Hacking, in one form or another, touches all of our lives so protecting our credit cards, identity, computers and computer accessories from cyber thieves has become the new norm. Even printer hacking is not necessarily new. Back in 2011, researchers at Columbia University were able to successfully hack a printer allowing them to easily intercept sensitive documents that were only meant to be printed. They went on to demonstrate the possibility of remotely tampering with the printer’s fuser heater which could result in a fire. These extreme examples illustrate the lengths that hackers will go to but also the potential for data mining and theft that resides within most printers.
Wireless printing from mobile devices is gaining widespread acceptance and its conveniences are appreciated. In order to maintain that convenience, printers need to be easily connected into the companies Wi-Fi network.. The downside is that this gives hackers a potential foothold on the company network without even having to step foot inside the building. They may lurk outside the building posing as the legitimate wireless company network or they may choose to directly attack the weaknesses of the existing wireless network. More ambitious hackers have even demonstrated MITM (Man-In-The-Middle) attacks using drones carrying mobile phones or portable routers just outside the office. The convenience of wireless printing (and networking in general) opens up organizations to multiple surfaces of attack.
Here are a few more tips to make sure your printers are not part of the security problem:
- Many Wi-Fi enabled printers come with Wi-Fi connections open by default. Make sure you secure them before hackers exploit this known vulnerability.
- You might consider outsourcing the printer security management depending upon your organization’s size, printing demands, and classified nature of your documents. Outside parties can focus in securing vulnerabilities while you can focus on your business.
- There are still millions of older printers that consumers and businesses use each day that have no password protection whatsoever. If you are using an older networked printer with no password provisions, upgrading to a newer model that can be properly secured.
- Newer printers support whitlisting and intrusion detection features to make sure firmware has not been hacked and that no malware has been introduced into the system memory. If you’re replacing older, less secure printer models, you should be sizing up security features like these.
I continue to rely on my printer to help grow my business even in this digital age but at the same time, I cannot afford to be ignorant of the many potential vulnerabilities.