Sponsored

Mind the printers: How to close the security gap

Ever wondered how a hacker would exploit the printers on your network? We asked one to find out

The lowly printer, oft maligned by operators and users alike, is the target of a wide array of attacks from hackers. The principle objective of a printer attack is, ostensibly, the information flowing through the device, but multi-function printers and larger network printers offer a variety of other tantalising morsels for the creative hacker.

Advertisement - Article continues below

It's never been more important to pay attention to printer security - failing to do so could put your company at risk of a serious data breach. Printers are such an appealing target because whilst businesses may spend a fortune on server security, printers are barely given a second thought.

But before looking at how to close this vital security gap, it's essential to understand the types of attack levelled at printers.

What makes a printer vulnerable

There are three components of these systems that can be attacked: the operating system driver, the management tools and the printer's software.

The operating system driver is a bit of code that users are typically unaware of because it exists to provide an interface between the computer's print spooler (the bits that handle print jobs) and the physical printer.  

This driver is loaded when the computer boots and, as with any other software, may contain exploits (particularly in older models). The result of such an attack is most likely the escalation of local user privileges or the execution of arbitrary code on the PC itself, as opposed to on the printer.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Anyone who has added a printer to their PC has no doubt installed a wide variety of third party or vendor-provided applications with which to manage it.  This software is typically installed as part of the printer setup, configured to run at system boot time, and seldom updated.  

Like their more complex cousin, the print driver, an attack against these tools would most likely result in either a local privilege escalation or an execution of arbitrary code on the local machine, as opposed to any control of the printer itself. Read here for HP's analysis of threats to your printer.

Printer security: The new IT imperative' explores this topic in more detail. Download now to learn more.

Download now

How hackers will attack your printer

There are four primary ways to attack the printer: the web-based administrative interface (WebUI), SMTP, FTP and SNMP. Note that none of these routes of attack need the hacker to be physically present.

Advertisement - Article continues below

The WebUI of many printers is often a first stop for anyone attacking a printer.  Any compromise of the WebUI, whether through brute-forcing credentials, or via some exploit, gives an attacker the ability to control any configurable feature of the printer.

Often, an attacker will use this access to enable features -- such as queue retention policies and FTP access -- so they can return later, recover sensitive print jobs and parse them for sensitive information. Attacking the WebUI is akin to kicking in the front door of a house you intend to burglarise: effective, but not so subtle.

Sending spam through a printer may not sound like a plausible scenario, but thanks to the ability of many network printers to send and receive emails, this is very much a possibility.  This stems from the fact that the printer itself can't send email, but rather requires access to the company mail server.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Unfortunately, a great many administrators will simply allow printers to send emails through the corporate mail server without authentication, making the printer an excellent source for emails.  Worse, emails originating from these hosts are great for internal phishing attacks because they may genuinely appear to be a scan.

SMTP, FTP and SNMP

Many enterprise-class printers also support management and monitoring via the Simple Network Management Protocol (SNMP).  While SNMP is most commonly used to track ink or toner levels and the number of pages printed, it can also be used to alter the configuration of printers -- provided an attacker can gain access to the printer's read-write community string and/or authentication credentials.  

There are three different versions of SNMP, each of which has its own method for authentication: SNMPv1, SNMPv2c and SNMPv3.  SNMPv1 and v2c require a simple "community" string, such as a pre-shared passphrase used to identify authenticated devices.  

SNMPv3, on the other hand, requires a community string as well as an encrypted username and password pair for authentication.  Unfortunately for enterprises, the overwhelming majority of devices are configured to use SNMPv2c, which excludes the proposed security enhancements of the base SNMPv2.  

Advertisement - Article continues below

The end result is that once an attacker is on the network, it's a trivial matter to sniff out the SNMP community string and to then use that string to perform configuration modifications to enterprise-ready network printers or multi-function devices.

Protect against attack

In the end, the attack surface of a network printer is quite a bit larger than you might have previously understood.  So how do you secure these fixtures of the modern office?

The most effective strategy begins with understanding the workflows that use the printers. This allows you to isolate the devices on the network to a separate VLAN while restricting what traffic is allowed to traverse it. Finally, keep print drivers and management software up to date.

Advertisement
Advertisement - Article continues below

Understanding the workflows around any given printer insures that the measures you take to secure it don't negatively impact the business.  Isolating printers on their own VLAN ensures that you're able to control the flow of network traffic to and from that segment of the network easily.  

Advertisement - Article continues below

Keeping print drivers and management software up to date ensures that local machines aren't victims to malicious code that targets the software supporting our printers. Some printers have options to disable remote firmware updates or firmware updates sent as print jobs. This can make rolling out firmware updates a bigger job, but it's still a good idea if your printer doesn't have additional security measures to prevent the installation of malicious firmware.

Print security should be a priority for every business, but all too often it's ignored. Learn how to avoid printer security breaches in this whitepaper.

Download now

The HP factor

It's also worth noting that HP's latest round of laser printers, the M500 series, introduced three key hardware and software features to protect against attack. Indeed, two of the three features can be incorporated into older HP printers through firmware updates. See the link for a full list of printers covered.

Advertisement - Article continues below

The one security feature that won't be available to older machines is HP Sure Start, which depends on a "golden" BIOS that's separate to the printer's active BIOS. If, at the time of booting, the printer detects its BIOS has been compromised it will roll back automatically to the original.

The second new line of defence is whitelisting, which should ensure that only "good" firmware can be loaded and executed on the printer. If it detects non-HP firmware it shuts down and notifies the network manager.

Run-time intrusion detection rounds off the features, with constant monitoring of in-device memory that checks for attacks. Crucially for IT managers in charge of dozens of printers in different places, the printer reboots automatically.

So the lesson is to be aware of the security holes offered by the printer on your network and take whatever action is required, whether that's upgrading to a new machine, isolating printers onto their own VLAN, making sure your firmware and software is up to date, or a combination of all three.

Unless you want your next client correspondence, contract or sales report to be nicked by an attacker, you'd be well served to mind the printers.

To discover more about how HP printers can protect you from attack, head to HP's BusinessNow site.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular

Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/software/business-apps/355178/ibm-call-for-code-starter-kits-target-coronavirus-solutions
business apps

IBM Call for Code starter kits focus on coronavirus solutions

31 Mar 2020