Network-Accessible Printers Pose Hidden IoT Security Risks
The office printer isn’t often considered a part of the Internet of Things (IoT). The reality, however, is that network-accessible printers and multifunction printer-copier-scanners are in fact the quintessential IoT devices. Printers that can be attached to and discovered on a corporate network present a security risk to the enterprise that’s as potentially damaging as any IoT security camera.
Network-accessible printers offer broad accessibility and connectivity within the enterprise. If a cybercriminal were to breach such a device, they could move laterally through the network to workstations and servers. There’s also the risk of data loss if a printer is compromised and cybercriminals steal any data stored on it. In fact, according to Quocirca’s Global Print Security Landscape report, 61% of companies have experienced print-related data loss in the prior 12 months.
Most printers are connected to networks with minimal security, which allows anyone with network access to connect and upload malware to these devices. With so many access points, including Wi-Fi Direct, Ethernet, Wi-Fi 5 GHz, Wi-Fi 2.4 GHz, and Bluetooth, bad actors can easily access any network and gain control of valuable data via these devices.
What Makes Network-Accessible Printers Vulnerable?
All IoT devices are vulnerable to malware and cyberattacks. Printers are no exception, despite their fixed function in the enterprise. Their primary roles involve basic print jobs, and yet modern printers are also gateways to a company’s most sensitive information. Cyberattackers can readily take advantage of unsecured printers to spread ransomware, trigger data breaches, and move laterally deeper into the enterprise network. They are usually widely accessible and have processing power to spare.
Network-accessible printers have a number of basic weaknesses that they share with IoT devices. These include:
- Default passwords – Printers, much like IoT devices, are connected to networks with default passwords to their admin consoles. Many network-accessible printers come with default usernames and passwords that are easily guessed or available online. If these credentials are not changed as quickly as possible, anyone can access the printer’s settings, including network configurations and print queues. Default passwords should be changed as quickly as possible.
- Misconfigurations – Configurations of network-accessible printers establish various details of print services, including initiating print queues, modifying device preferences and settings, and routing print jobs. Printer configurations can be altered in a few ways: either negligent printer management or malicious activity. Misconfigured printers can result in re-routed and exposed documents.
- Unsecured network connections – Printers can function as network terminals, which can make them exposed to phishing, malware, DDOS, or other cyberattacks. Insecure network connections mean that anyone could potentially access the printer and any data on it. Data stored in memory or on a hard disk drive could be compromised or stolen.
- Outdated firmware – Much like IoT devices, network-accessible printers often operate with outdated firmware. Office printers can be difficult to update, despite manufacturers releasing new updates. The frequency of the updates might be sporadic though. This means that organizations could be using printers that are vulnerable to attack because they have yet to update the firmware that the printer runs on.
Network-accessible printers share many of these weaknesses with IoT systems. Connected devices are often deployed with built-in default passwords that can’t get easily changed before they’re connected to the Internet. In the case of network-accessible printers, it’s just as easy for the manufacturer to use “admin” as both the username and password. This makes it easy to set up the printer but offers nothing in terms of keeping the printer secure.
Moreover, printers that don’t force passwords on print jobs create another risk. It’s easy enough for cybercriminals to redirect print queues and print documents to themselves if there’s no security on the print job itself. The lack of passwords on print jobs also opens up the risk of insider theft from users gaining unfettered access to potentially sensitive documents.
These vulnerabilities aren’t limited to traditional printers. 3D printers are also at risk, as demonstrated by someone allegedly hacking Anycubic 3D printers. There’s been no statement from the company about the hack. The alleged vulnerability enables potential attackers to control any Anycubic 3D printer affected by using the company’s MQTT service API. The person behind this incident added a file called hacked_machine_readme.gcode to the affected devices—a file that typically contains 3D printing instructions—alerting the affected users that their printer is impacted by a critical security bug.
Printers Need to be Protected to Secure the Enterprise
Network-accessible printers are often ignored when it comes to security strategies. Workstations, servers, cloud databases, and even IoT devices like IP cameras and thermostats get included in protection strategies because they are acknowledged as security risks and mitigations put into place to secure them.
Employer-owned home printers rank in the top 10 of security risks (21%) in the Quocirca study, ahead of the office print environment (20%). CIOs and CISOs differ in their perspective on printing security. About 18% of CIOs consider office printing a key security risk compared to 30% of CISOs.
The reality is that printers need to be protected. The risks of data theft and compromised networks are very real, and given that printers’s defense tends to rank low on the priority list, they are more attractive to attackers than other endpoints. Ensuring that printers are only accessible to approved users and defended is the best way to secure the enterprise.
This strategy should include:
- Ensuring that printer firmware is regularly updated to patch vulnerabilities. New vulnerabilities are found all the time, and keeping printer firmware updated to resolve any issues can limit your risk.
- Limit access where necessary, as some printers may need to be on segmented networks based on the level of sensitivity of the data being printed. Not every printer needs to be accessible to every employee.
- Delete printer logs to preserve data security. If printer logs are not retained after printing, there’s no data for a threat actor to exfiltrate when they breach the printer.
- Decommission printers quickly when no longer in use. Old printers that are no longer used in day-to-day work should be decommissioned and wiped to ensure they are not connected to the network.
Network-accessible printers are some of the riskiest connected assets in the enterprise. They’re often ignored in security strategies, and can readily be accessed for lateral movement or data theft. As a result, printers should be integrated into the overall defensive strategy of the enterprise to ensure that critical data is protected. Only then can companies ensure that they have strong defenses for this crucial component of business operations.
To find out how Asimily can help manage the security risk of connected devices for your business, download our white paper: IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper.
Reduce Vulnerabilities 10x Faster with Half the Resources
Find out how our innovative risk remediation platform can help keep your organization’s resources safe, users protected, and IoT and IoMT assets secure.