Is your IT network secure? How sure are you? Chances are, if you have a network printer, and you haven’t taken steps to secure it, you’re vulnerable. You might not consider a printer to be a security risk but it can provide a potential access point to hackers. Fortunately, there are some simple steps you can take to remedy this.
Open season on printers
What, exactly, are the risks then? If your printer is on a network, there’s a good chance that it’s visible on the web. This means that your printer can potentially be accessed by anyone, whether or not they’re logged in to your network. Anyone who knows what they’re looking for can find 86,000 publicly accessible HP printers just by performing a quick Google search.
Vulnerabilities in HP’s Web JetAdmin and JetDirect software have been well documented but the problem is not confined to HP printers. Modern printers have hard drives, memories, CPUs and even operating systems, which makes them more like PCs and, therefore, tempting targets for hackers.
Beware of the bot
To demonstrate this, an unknown researcher released a a botnet called Carna in 2012. In the space of nine months, Carna infected 420,000 devices and collected 9 terabytes of data. Although the data doesn’t appear to have been used maliciously, it highlights a massive issue. Carna was able to infect the devices because each of them was set with either the default login password or none at all.
Assuming that a hacker does manage to access your printer, what can they do? Quite a lot, as it happens. Printers and MFPs store electronic copies of the documents they handle – copies which can easily fall into the wrong hands if they’re not properly encrypted or destroyed.
Why it’s a problem
In one high profile case in the U.S., a reporter found that MFPs awaiting resale still contained copies of sensitive files; one contained a police department’s list of targets for a drugs raid, another contained a company’s payroll records and a third contained medical records. These same files can be read by a bot sitting undetected on your printer.
Your printer can also act as a back door to the rest of your IT network – a bot can analyse the stream of data that passes through it to detect weaknesses and other potential entry points. Worryingly, Carna detected a malicious DDOS (distributed denial of service) bot called Aidra on thousands of the accessible devices. Aidra, and bots like it, have the potential to cause huge amounts of damage to IT networks.
What can you do about it? The first and easiest step is to change the device’s default password - an incredibly quick and simple procedure which most of us still neglect. This type of behaviour is what made it so easy for The News of the World to hack into people’s voicemails. You wouldn’t leave your front door open or your car unlocked so why wouldn’t you use a secure password?
Next, think about who actually needs to access the printer and why. Your printer might be available to users on your internal network but do they really need to access it over the web? In all probability, they don’t. Here’s the advice from Canon U.S.A.:
“System administrators must be able to enable and disable FTP, SMTP, HTTP, IPP, RAW, SNMP, and other common protocols at the device level to block unnecessary connections. For tighter control, they should also be able to restrict MFP use by IP address, allowing only certain addresses or ranges of addresses to send or receive documents. In addition, the MFP device should be able to handle common encryption protocols such as SSL and IPSec to protect data as it travels over the internal network.”
In other words, any unnecessary external connections should be blocked and any necessary ones should have restricted access. As a further precaution, all data sent over your network should be encrypted. Finally, the printer should be sat behind a secure firewall, just like the rest of your networked devices. Your PCs and severs are undoubtedly protected by a firewall but are your printers?
Keep up to date
Another important measure you can take to secure your printer is to ensure that its firmware is up to date. Most software updates and patches are to fix known security issues, so if you don’t download them, you’re leaving yourself vulnerable. Software updates for printers are less frequent than for, say, PCs and they’re not as publicised, but it’s well worth taking the time to check for them on a regular basis.
Are you doing enough?
An unsecured network printer can be a hacker’s dream but you can make life harder for cyber-criminals with just a few simple precautions.
Are you doing all you can to keep your network printer secure? Have you had problems with your network being hacked? If so, what lessons have you learned and what advice would you give to others?
by Anthony Morgan