The days of printers as simple unsophisticated devices are long gone. Today’s printers are specialized computers that have their own processors, RAM and storage. They also have easy setups and internal web pages for adjusting settings and updating firmware. The printer manufacture’s goal is to make their devices faster, more versatile and more user-friendly to set up and use.
Unfortunately, printer security has not kept up with these advances. When printers were dumb devices, the worst that could happen was an unauthorized person seeing a print job sent to the wrong printer. Now a printer can leak confidential information and provide hackers with a route into your network.
Printers Can Allow Data Out
The security risks printers pose don’t end when you get rid of them. Many printers have internal hard drives or flash memory that can store recently printed documents. Some store the information in unencrypted formats that are easy to retrieve. When a company or consumer sells, retires or recycles a printer they often neglect to clear out this storage area.
This is not a hypothetical risk. In 2010 CBS News purchased four used photocopy machines at random and used freely-available recovery software on their hard drives. A printer security expert uncovered everything from copied checks and patient medical records to design plans for a building near the World Trade Center.
Printers Can Allow Hackers In
Printers can also be a vulnerable point on your network. A white hat hacker named Michael Jordan demonstrated security vulnerabilities on a Canon Pixma MG6450 by getting it to run the 90s computer game Doom on its LCD screen. He showed off the hack at security conference 44Con in London earlier this month.
The Pixma is a line of all-in-one printer/scanner/fax machines popular with home users and small businesses. He used the Pixma’s unsecured web interface and lax encryption to install hacked firmware and control the printer over the Internet.
Getting a printer to run an old video game might seem like a curiosity, but the stunt was just to put a humorous spin on a very real problem. Jordan stated after uploading the hacked firmware, he could have used the printer as a gateway to attack other devices on the network instead. Since the Pixma also has an integrated scanner, a savvy hacker could have used the flaw to have it send them a copy of any image scanned without the user knowing.
Canon has released a firmware update for the Pixma line aimed at closing the security loophole, but other printers also have web interfaces and may be vulnerable to similar tactics.
Few people think of a printer as a security risk, but you should treat your printers with the same care as any other network-connected device.