The past couple of weeks, we went through some considerations with the Internet of Things (IoT for short). One major consideration that has been persistent throughout the world of IoT are devices that can be easily hacked.
Earlier this month, a considerably large group of hackers—many of whom hack devices and systems for a living (in security we call these people part of the red team)—met in Las Vegas for the largest cybersecurity event of the year. Many of the world’s leading hackers in all of technology, ranging from airplanes and automobiles to networks and even your printers.
One expert group of hackers demonstrated live some major bugs in a variety of networked printers that could essentially allow someone to either steal sensitive information from the printer or use the printer as a means to crawl your network.
Six popular enterprise-grade printer manufacturers were pointed out at one specific talk, each vulnerability could lead to potential havoc on your network. At least 35 significant vulnerabilities found across a variety of printers, including HP, Ricoh, Xerox, Lexmark, Kyocera and Brother, were identified by the researchers.
The researchers were particularly concerns with printers because many of us don’t think they have any real potential to cause harm on your business network. The reality is that we use printers for a variety of reasons, including to print or process sensitive documents.
While printing might at first glance seem mundane, what these security experts were emphasizing is that these devices are connected on your network and that printers should be at least secured as any PCs (as should be the case with any device connecting to your network!).
Here’s a recap of what experts found when evaluating very common networked printers:
Backdoors onto your network—the researchers that looked into printer vulnerabilities suggested that there is a very high possibility that hackers would be able to install a backdoor connection with the printer.
Backdoors essentially are channels onto your network that cannot be seen or detected. A backdoor attack through a printer may be very attractive to a malicious hacker because most common backdoor attacks are on more hardened and more secure hardware, such as servers, desktops and laptops. Securer hardware typically has antivirus (which should be regularly updated) and other more sophisticated detection that many devices that might not be seen as critical will lack.
One way to confront malicious traffic exploiting your printer is to make sure you (1) are using a firewall capable of detecting malicious traffic and (2) are focused on detecting uncommon traffic coming from your networked devices.
In the case of a printer, it would be very odd if traffic were leaving your network from that device—detecting something like this would indicate a need to investigate further.
Leaking sensitive documents—once connected to a networked printer, a hacker may be able to redirect the information to an offsite location where the hacker inserts itself from when the printer receives a job to when the job actually gets printed.
If your printer were compromised and you were printing classified or sensitive information, that information may be leaked off network to the attacker prior to getting printed. As I mentioned above, one key way to find out if you have suspicious activity on your printers is to evaluate if any of your printers are sending traffic outside your network (when evaluating traffic with printers, you should mostly find traffic being received).
Patches are being released—at this point, the researchers mentioned that patches for most systems are either in the works or have been patched (Lexmark was particularly quick to respond to these bug inquiries with security fixes). Your system administrator should be advised to check for printer vulnerabilities and update with the latest firmware (and monitor those devices for further updates).
Many IT experts fail to see printers as IoT—since printers have been around far longer than other IoT devices, many in IT-related fields fail to recognize printers as part of the IoT ecosystem.
The problem with this is many of the printers you use today are connected to your network and pose significant risks—as other IoT devices—to network and data security. Security experts, including the researchers on this printer vulnerability investigation, emphasize including printers and other IoT-related devices into your security strategy. Note: if you do not have or do not know how to devise a strategy for your business consider a network security assessment as a first step.
The bottom line from all of this—printer problems are not uncommon. As your office depends more on networked printers, you will likely face more threats. What we want to make sure is that your printers are protected and incapable of leaving gaping holes in your networks!