Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/24/2020
11:00 AM
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Printers' Cybersecurity Threats Too Often Ignored

Remote workforce heightens the need to protect printing systems against intrusion and compromise.

Working remotely was growing more common even before the coronavirus pandemic accelerated the trend. As workers increasingly settle into their home offices, they still need access to company networks and office hardware — particularly printers. In fact, the pandemic led to a spike in the sale of home office printers, according to Deloitte.

This scenario poses a challenge for IT personnel who are working to secure increasingly decentralized networks in today's hybrid work reality. More specifically, it highlights the challenge of protecting traditionally unforeseen targets — printers — against intrusion and compromise. That's of increasing importance: According to Quocirca's 2019 "Global Print Security" report, 59% of businesses in the UK, US, and Europe have experienced a print-related breach in the past year.

Related Content:

More Printers Could Mean Security Problems for Home-Bound Workers

The Changing Face of Threat Intelligence

New on The Edge: ISP Security: Do We Expect Too Much?

IT decision makers are waking up to this reality — 83% of respondents to another Quocirca survey say their IT departments are at least somewhat concerned about the security of information printed on home printers. But whether in an office, at home, or anywhere else, the risks go beyond device and document security. The rise of the Internet of Things (IoT) means today's printers can contain several potential entry points to networks and sensitive data — a threat for which large enterprises and small businesses operating remotely must prepare for.

The Nature of Printer Attacks
Previous generations of printers were equipped with read-only memory, making them less vulnerable to hacking or reprogramming. But modern printers have entire operating systems and writable memory, not to mention the convenience of downloadable apps and online firmware updates. These improvements make blending our physical and digital lives easier and more accessible than ever. They also create potential access points where hackers can insert malicious code to gain access to a network and its sensitive data.

Printing systems can experience straightforward interruption-of-service attacks as hackers exploit old firmware versions to take over and halt the operation of a device. But they can also be subjected to more sophisticated exploitation, such as man-in-the-middle attacks that expose sensitive confidential data. Hackers can also leverage exposed Internet Printing Protocol (IPP) ports to gain access to the network. According to ZDNet, 80,000 printers — nearly an eighth of all IPP-capable printers — are exposing their IPP ports online on a daily basis. That's a profound issue for the countless enterprises around the world transforming at an astounding pace right now.

Making Printing Safer
Printer vulnerability doesn't have to be inevitable. In fact, there are multiple ways to help secure printing systems against malicious interference by third parties: 

  1. Supply chain security: By creating a fully secure supply chain from start to finish, manufacturers can reduce the opportunities for malicious code or third-party elements to be installed in the system before the printer even goes online. Customer verification, digital tracking, and tamper-proof, multilayer packaging all play a part in minimizing vulnerabilities.

  2. Hardware security: Printers can be designed with internal resources to enhance security, including multiple layers of protection that help detect and remediate attacks. Firmware plays a key role in this part of security architecture, making it essential to protect the firmware's original code from tampering within the supply chain.

  3. Secure cartridges: Chips with built-in security and proprietary firmware can help protect against third-party interference at the point where information is transferred from the chip to the printer. Smart-card technology plays a key role in protecting against this vulnerability, helping resist tampering and hacking and reducing the risk of backdoor attacks. A maliciously programmed chip, on the other hand, could stop a printer from working or even create new vulnerabilities.

  4. Proactive testing and improvements: Any firmware is only as good as its code. Manufacturers must proactively test the security of their printers and cartridges to ensure they can withstand malicious attacks. Bug bounty programs are one way to do this; for example, HP is collaborating with Bugcrowd to hire professional ethical hackers to help uncover potential risks in printers and cartridges for an end-to-end security testing approach.

  5. Firmware upgrades: Printers, like most other IoT devices, should always deploy the most current firmware updates. Firmware updates not only deliver the latest features and functionalities, but they also fix bugs and provide protection against the latest cybersecurity vulnerabilities. 

Awareness Is Key
The cybersecurity landscape is immense, and it's far too easy to ignore the critical role printers play in an organization's or an individual's security. Recognizing that risk and making it a priority is the first step in managing and mitigating these threats. IT personnel are becoming increasingly aware of this issue, but it is essential to take steps now to mitigate these risks given that the rise in home offices and decentralized workforces is increasing the potential for malicious interference.

Make no mistake: IT departments are engaged in an arms race against ever more complicated external attacks. Manufacturers need to build cyber-resilient devices and solutions that can protect, detect, and recover from these attacks.

Shivaun Albright is HP's Chief Technologist of Print Security who is responsible for the company's enterprise print technical security strategy. She has over 10 years of cybersecurity experience and four years of experience as standards committee chair, in which she oversees ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36388
PUBLISHED: 2021-06-17
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
CVE-2020-36389
PUBLISHED: 2021-06-17
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
CVE-2021-32575
PUBLISHED: 2021-06-17
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
CVE-2021-33557
PUBLISHED: 2021-06-17
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVE-2021-23396
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.