Printers & Scanners: If They’re Unsecured, So is your Network

March 5, 2019 | Filed Under: FirewallHow ToSecurity

The convenience of networked printers and scanners is impossible to deny. A large and growing number of home and business users can print from anywhere in range of their WiFi network, without the hassle of moving their devices or transferring files to a print station. Many network-capable printers are now accessible across the Internet through print servers or cloud management platforms.

Of course, anything easily available to legitimate users on a network can also become a backdoor for attackers, and printers are a particularly overlooked attack vector. A report from Quocirca’s entitled “Global Print Security Landscape 2019” notes that a full 11% of security breaches are printer-related.

How do printer breaches occur?

Vulnerabilities in printer firmware can be exploited to grant unauthorized users control of the device. For example, security researchers found that late-model HP inkjet printers were vulnerable to buffer overflows caused by malicious files sent to the printer. In other cases, the printer’s open network connections simply go unexamined. By default, certain unmatched HP printers left open TCP port 9100, which supports “raw printing”, a method where commands can be sent directly to printers unmediated by device drivers. Crafty use of these commands have been used to traverse directories on the printer’s internal filesystem, overwrite startup scripts and provide full remote control to malicious users.

Some high-profile incidents have been relatively “harmless”, including multiple occasions in which the above exploit has been used to print unsolicited messages calling for recipients to subscribe to a certain YouTube personality. It is thought that over 50,000 printers were affected. These same flaws could also be used to overwhelm printers and deny their legitimate use, causing costly delays for businesses. They could also be used to monitor network traffic, or to log sensitive documents as they are queued for printing.

Protecting Your Network

Fortunately, there are many measures you can take to secure your network’s printers. Regularly checking for firmware updates, using a firewall, and keeping a thorough inventory of all devices including printers and scanners can help. An automated solution for auditing and monitoring like CyberSana can make the task of managing and securing multiple devices consistent and reliable.

Tags: , , ,