I’m often astounded by how frequently company networks, with otherwise good security practices, completely neglect their network printers. Usually, they are simply installed and, as long as they work, nobody pays any attention to them until it’s time to reload the paper or replace the toner cartridge. But most of these printers are sitting ducks, ripe for any simple attack by even the most novice hacker.
Gone are the days of just toner and paper; printers now take on computer-like characteristics with internal storage, FTP uploading, SNMP, etc. Heck, some printers are loaded with vulnerable applications. Some have embedded Windows systems that are interfacing with the network. Yet almost no risk management or oversight is used to protect the printers from attacks. At the very least, hackers can access classified information sent to the printer. At worst, the printers can be turned into remote-controlled bots and used as a launching pad for further attacks.
Why am I bringing this up? We broke into a client’s external network through a printer. Yes, full network access because of a single printer.
I’ve seen printers used to catch passwords, change passwords, capture valuable documents, and grab print jobs. I once heard of college students who rerouted an exam print job to their dorm room printer so they could get an advance copy of the exam. (Why didn’t I think of that!)
Conferences are showing examples of how easy it is to bypass authentication, inject commands at the root level, and create shellcode to take over printers. By exploiting the printer’s Internet connection, hackers can use it as a proxy to attack other sources, while concealing their own location. Printers were one of the devices utilized in the Blaster worm that disabled systems at multiple offices at McCormick and Co. in a matter of hours.
Printers have hard drives that store extremely sensitive data about print jobs and who is issuing them, so think about your printers the way you think about laptops. These hard drives are vulnerable to theft or can be read during a repair. It is recommended to clean hard drives weekly or at least monthly, but that is much too frequent for printers. The best route to defend against printer attacks is to create an image/standard configuration for printers just like you do for servers, workstations, and laptops. Try not to buy the cheapest printer available; go with a business-class or enterprise printer that will have more security features, such as proper domain authentication. Lastly, LOG all prints. Yes, use a real print server, such as one running Linux or Windows, and log when print jobs are submitted.
Updating passwords, cleaning hard drives, and checking network configurations of printers are among the considerations that should be clearly identified in a security policy, and that policy applies to your printers too!
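As an added example (not code from the original post), here is one way to review the print log that a Linux print server keeps. It assumes the server runs CUPS and writes page_log in the default PageLogFormat; the sample lines, host allowlist and working hours are constructed for illustration.

```python
import re
from datetime import datetime

# Assumption: CUPS default PageLogFormat, one line per printed page:
# printer user job-id [date-time] page copies billing host job-name media sides
LINE_RE = re.compile(
    r"^(?P<printer>\S+) (?P<user>\S+) (?P<job>\d+) \[(?P<ts>[^\]]+)\] "
    r"(?P<page>\S+) (?P<copies>\d+) (?P<billing>\S+) (?P<host>\S+) "
    r"(?P<name>.*) (?P<media>\S+) (?P<sides>\S+)$")
# Constructed sample log (not from a real server); the last line is damaged.
SAMPLE_LOG = """\
hr-laser alice 101 [12/Mar/2024:09:14:02 +0000] 1 1 - 10.0.5.21 Q1 review.pdf iso_a4_210x297mm one-sided
hr-laser alice 101 [12/Mar/2024:09:14:03 +0000] 2 1 - 10.0.5.21 Q1 review.pdf iso_a4_210x297mm one-sided
hr-laser bob 102 [13/Mar/2024:02:41:55 +0000] 1 3 - 10.0.9.77 payroll.xlsx iso_a4_210x297mm one-sided
this line is damaged
"""

def parse_line(line):
    """Return one page record as a dict, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()  # job names may contain spaces; media and sides do not
    try:
        rec["when"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["copies"] = int(rec["copies"])
    return rec

def audit(log_text, known_hosts, work_hours=(7, 19)):
    """Group page lines into jobs; flag unknown hosts and off-hours (hour as logged)."""
    jobs, rejected = {}, []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)  # keep unparsed lines for manual review
            continue
        job = jobs.setdefault((rec["printer"], rec["job"]), {
            "user": rec["user"], "host": rec["host"], "name": rec["name"],
            "when": rec["when"], "impressions": 0, "flags": set()})
        job["impressions"] += rec["copies"]
        if rec["host"] not in known_hosts:
            job["flags"].add("unknown-host")
        if not work_hours[0] <= rec["when"].hour < work_hours[1]:
            job["flags"].add("off-hours")
    return jobs, rejected

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, known_hosts={"10.0.5.21"}))
```

Jobs that come back with flags, and any lines the parser rejects, are the ones to look at first.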