Dark Reading is part of the Informa Tech Division of Informa PLC

Printers: The Weak Link in Enterprise Security

Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk.

PC security has become a priority for security leaders following global ransomware attacks earlier this year. If they didn't before, everyone from CISOs to everyday consumers knows it's a bad idea to ignore security updates or use simple, breakable passwords.

This heightened awareness does not extend to printers, however, and hackers are exploiting poor printer security practices.

"Unlike PCs, where there's a full appreciation for the need to secure those devices, there's much less awareness to the need to secure print devices," says Ed Wingate, VP and GM for HP's JetAdvantage Solutions, noting that strong security practices for protecting PCs and other nodes on the network are not consistently deployed to printers.

Weak link in the IoT

Sam McLane, who runs the security engineering team at Arctic Wolf, says he is far less concerned about today's printers than about yesterday's printers. Many organizations, especially smaller ones, use printers around five to eight years old, and haven't updated them.

"Printers, specifically, have a much longer shelf life than any of the other IoT devices, and they were the earliest of the adopted devices," he explains. "People will run them into the ground and then some before they start replacing them."

This poses an especially big problem for small offices using consumer-grade devices, McLane continues. SMBs don't have the need or budget for high-end, enterprise-level printers, and make the mistake of sending corporate data into the cloud with lower levels of protection on a device meant to be in someone's house and not necessarily in a corporate environment.

"Someone could get into a computer via malware; printers advertise themselves well," says McLane. "If a laptop or desktop gets compromised, a printer is a great spot to put malicious code that everyone talks to … it's a built-in platform to launch attacks."

Common printer slip-ups

The most frequent mistakes include using weak or default passwords and neglecting to update firmware. "Printers are not always updated with the latest firmware," HP's Wingate adds. "In fact, we see heavy use of old firmware with printers, some with known vulnerabilities that are not being patched to the latest version. That represents an opportunity for hackers to come in."

Mismanagement of printer settings and ports leaves the door "wide open" for remote entry onto devices and into corporate infrastructure, he continues. Lack of active monitoring for printers also leaves businesses vulnerable to unauthenticated actors.

When overlooked, these errors can put full organizations at risk. Earlier this month, security researcher Ankit Anubhav found nearly 700 Brother printers exposed online, granting full access to their administration panels over the Internet. Devices on university, corporate, and government networks could be found via IoT search engines like Shodan and Censys.

One of the factors behind this exposure was the decision to ship printers with no administrative password. Researchers believe most businesses likely connected vulnerable machines to their networks without recognizing their administrative panel was exposed.

Vendor responsibility

As Wingate points out, it's not enough to simply protect a network from initial penetration. Firewalls are helpful "but not sufficient," he explains. CISOs must assume their network has already been breached and ensure there is no lateral attack on the network.

"What we've discovered in our research is that certain malware packets are able to enter the network by being sufficiently small and low profile - effectively entering under the radar," he explains. Once inside, it needs to contact the master command-and-control server to know what to do next. The way it does this is characteristic of that type of malware attack.

HP is addressing modern printer risks like this with a tool called Connection Inspector, which analyzes outbound network connections typically targeted by malware. It detects anomalous behavior and, if necessary, triggers a reboot to go back to a known version of the BIOS. This accelerates response speed, Wingate says, which is important given the security skills gap.
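The outbound-connection monitoring described above can be approximated from ordinary network flow logs. The Python sketch below is an added example, not code from the article and not HP's Connection Inspector logic: it flags printers that open connections outside the internal network and marks those that repeat at near-constant intervals. The printer subnet, internal ranges, thresholds and flow records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed values for this sketch; replace with your own addressing plan.
PRINTER_NET = ip_network("10.20.30.0/24")
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
MIN_EVENTS = 4     # connections needed before judging regularity
MAX_JITTER = 0.10  # stdev/mean of the gaps; below this looks machine-timed

# Constructed flow records: (epoch seconds, source IP, destination IP, port).
SAMPLE_FLOWS = [
    (0, "10.20.30.11", "10.1.1.5", 9100),       # printer to internal print server
    (50, "10.20.30.13", "198.51.100.7", 80),    # one-off external connection
    (90, "10.5.5.5", "203.0.113.50", 443),      # workstation, not a printer
    (100, "10.20.30.12", "203.0.113.50", 443),  # printer, repeats about every 300 s
    (400, "10.20.30.12", "203.0.113.50", 443),
    (702, "10.20.30.12", "203.0.113.50", 443),
    (1000, "10.20.30.12", "203.0.113.50", 443),
    (1299, "10.20.30.12", "203.0.113.50", 443),
]

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def suspicious_printer_flows(flows):
    """Map (src, dst, port) to a verdict for printer traffic leaving the network."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        if ip_address(src) in PRINTER_NET and not is_internal(ip_address(dst)):
            times[(src, dst, port)].append(ts)
    findings = {}
    for key, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Evenly spaced repeats suggest an automated check-in, not a user action.
        periodic = (len(stamps) >= MIN_EVENTS and mean(gaps) > 0
                    and pstdev(gaps) / mean(gaps) <= MAX_JITTER)
        findings[key] = "periodic-external" if periodic else "external"
    return findings

if __name__ == "__main__":
    for flow, verdict in suspicious_printer_flows(SAMPLE_FLOWS).items():
        print(flow, verdict)
```

Legitimate firmware-update or cloud-print endpoints will also appear as external destinations, so in practice the output is reviewed against an allowlist before anything is treated as an incident.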

"If you have a human in the loop, who needs to be notified that there's a malware penetration, and he or she delays the response on solving the issue that undermines the security of the entire network," he explains.

Other new tools aim to improve security amid cloud growth and the rise of remote work. HP Roam, a Pull Print solution built in the cloud, lets mobile workers hand off documents and print them, then erases the job off the printer once the job is complete.

"Whether it's a sales rep in the field, an insurance agent, or any other 'road warrior' in the field, they sometimes must print," says Wingate. "And if they're not at home, and they're rarely at the office, where do they securely print? They don't securely print."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

User Rank: Apprentice
10/16/2017 | 11:49:53 AM
Ohhh that is pretty interesting 
User Rank: Ninja
10/17/2017 | 7:43:51 AM
A simple google search
Years ago there was published a simple, extended search string for Google that browsed the internal web page of millions of Officejet printers.  Fantastic.  Tried it and the pages were displayed along with internal IP settings which, for a hacker, is an open door.  I did not purposefully remember it but I am not surprised that printers are a wide open door.  
Joe Stanganelli
User Rank: Ninja
10/21/2017 | 3:35:53 PM
For years
This has been an issue for quite a number of years, unfortunately. Printer vulnerabilities -- either because of poor enterprise practices or because of manufacturers not paying enough attention to their products -- really brought some attention to the security weaknesses of embedded devices before the proliferation of IoT. Too bad manufacturers and enterprises didn't listen.
Joe Stanganelli
User Rank: Ninja
10/22/2017 | 10:53:24 AM
Re: A simple google search
Even beyond Google, there's Shodan for finding exposed embedded devices -- printers and otherwise. Security researchers have relied on Shodan quite a bit to pull off some interesting research/exposes.
Olaf Barheine
User Rank: Apprentice
10/23/2017 | 4:32:10 AM
I think I should switch my old printer from RJ45 to USB. A security test with NMAP showed that it's open like a barn door. And new firmware is no longer available.