Feb 22 2022

How much can you trust your printer?

Category: Printer securityDISC @ 9:33 am
Which assets can be made accessible by printer vulnerabilities?

Business-class printers are often running a variant of Linux, which means they have many of the same vulnerabilities that you would find on any network attached Linux server. Many zero-day exploits that have been found in the Linux kernel could be found in these printers if they are left unpatched.

So, what is the primary motivation of attackers? It is usually to gain remote access behind the corporate firewall. Cybercriminals often use network-attached devices to discover more about the other devices connected to the network. If a device can be used to scan the network, it might be possible to find other vulnerable devices on the network. It may even be possible for the attacker to use the printer to mount the attacks on other network-attached devices. In this way, a printer becomes a staging area for malicious actors to attack and compromise other, more critical platforms within a corporate network.

That said, for some companies, the printer itself can be the target. Many business class printers have hard drives that are used to save jobs, templates and other necessary information needed for its use by the customer. This means that an immense amount of sensitive and confidential data is being stored on the printer. Extraction of this valuable, locally stored data on the printer is sometimes an attacker’s goal.

What can organizations do to make their printers secure?

First off, good “firmware hygiene” is essential. Multi-function network-attached printers are surprisingly sophisticated systems, and as a result have highly sophisticated embedded operating systems. Most of these printers have a webserver for providing device status and allowing configuration updates along with printer firmware updates. These devices are also expected to support a lot of different network protocols, such as SNTP, SNMP and the related printer-specific protocols.

As you might expect: the more complex the firmware in a device is, the more potential security vulnerabilities it may have. Printer OEMs are aware of the attack surface their products present, and they strive to maintain the highest grade of security within their embedded software. A policy for applying standard vendor-authentic updates and patches should be followed. Also, intrusion-detection software should be operational within a corporate LAN. This allows for monitoring of any non-standard, potentially malicious traffic – not just from the user’s personal devices, but from any network-attached appliance.

Printer Security The Ultimate Step-By-Step Guide

Tags: Printer security