The Surprising Risks of Unsecured Printers and Multifunction Devices

The international hacktivist group Anonymous recently claimed it hacked hundreds of unsecured printers throughout Russia, using them to distribute anti-war messages. Despite the group's good intentions, the incident is just another reminder that printers, fax machines and multifunction devices are far more vulnerable to malicious exploits than most people realize.

Nearly 7 in 10 organizations report they have experienced data losses due to unsecured printers, faxes and MFDs, according to a new survey from Quocirca. Most breaches involved digitally intercepted print jobs, data copied from printer hard drives, and documents faxed or emailed to external sources.

However, other exploits have the potential to cause much more damage. The fact that these devices are almost always networked means they can potentially be weaponized to spread malware, steal network credentials or compromise the entire network.

In February, Microsoft notified users about four “elevation of privilege” vulnerabilities targeting the Windows Print Spooler, which serves as the interface between printers and the Windows operating system. Spooler functions include driver management for various printers, the creation of print jobs and data encoding.

According to Microsoft, these vulnerabilities allow arbitrary writing to the file system, which could allow attackers to execute malware. Attackers could potentially exploit these vulnerabilities to view, change or delete data, or even create new accounts with full user rights.

A Persistent Threat

Printer vulnerabilities are not particularly novel. The infamous Stuxnet worm that wreaked havoc on global industrial systems in 2010 exploited Print Spooler vulnerabilities. The Weev hack in 2016, the Stackoverflowin hack in 2017 and the PewDiePie hack in 2018 each successfully compromised tens of thousands of printers.

Part of the problem is that security seems to be an afterthought among manufacturers. An investigation conducted by the Consumer Reports Digital Lab research team found unnecessary permissions, insecure protocols and poor security design in all five brands of small office/home office printers it tested.

Printers, faxes and MFDs often have little default security. Many are shipped from the factory with weak default passwords or no passwords at all. Some companies use the same default password for all their printers.

Another issue is that many of these devices have embedded web servers to manage settings, get updates, and perform routine maintenance tasks. Because few organizations realize that’s the case, they rarely apply patches or set permissions and privileges. Very often, they aren’t even password protected.

Printer Security Tips

Here are some of the steps organizations should take to reduce their risk:

  • Apply firmware updates and software patches regularly. If the device supports Bluetooth, this feature should be disabled if it isn’t used.
  • Secure your printing ports. Printers should only accept commands from specified ports on the network router.
  • Change the default password. Use a strong, unique password and make sure print functions require log-on credentials.
  • Implement encryption to reduce the risk of unauthorized access. Devices with hard disks should also be configured to auto-erase files after each print, scan, copy or fax job.
  • Consider using network segmentation. If hackers do gain access to a printer, segmentation will prevent them from moving freely across the network.
  • Use a firewall. This will help prevent anyone from remotely accessing your printer from outside the network.

Networked MFDs, printers and faxes may not seem like particularly high-tech tools, but they can provide an easy way for hackers to gain entry into your network. Closing potential security gaps helps ensure that printers aren’t accessed by malicious actors. Give us a call and let us show you how to put the necessary protections in place.

