Printer hacking is becoming more of a threat to companies big and small. In one newsworthy stunt, a hacker called stackoverflowin hijacked 150,000 printers to “raise awareness” of hacking, spitting out a curse-word- filled warning on paper to all the machines. The printers came from major brands such as HP, Brother, Epson, and Canon.
In this case, the damage was minimal – maybe paper and ink were wasted, but nothing else was harmed.
However, printer hacking can be a massive problem for businesses, from stolen documents to broken hardware. Modern net-connected printers and MFPs (multi-function printers that also serve as copiers, scanners, and fax machines) are particularly vulnerable.
One of the benefits of managed print services is enhanced security for your entire printer fleet. Let’s take a look at how a printer might become compromised, the vulnerabilities that hackers prey on, and how managed services can help you from becoming a victim.
How Hackers Compromise Printers
Hackers can compromise printers in several ways. Some of these encroachments may be as simple as installing virus software on the user’s end to monitor document creation and printing. With a direct attack, the printer is controlled by the hacker. This can be done via malware or simply by controlling the printer remotely using the printer’s technology features.
Printer hacking may not just be about accessing the printer itself. The MFP may simply be a door to the rest of your network.
Other security risks include documents being stolen at the printer itself. This is, of course, not the same thing as hacking but can be a huge problem for a business if the documents in question are valuable and require privacy.
Why Printers Are Susceptible to Hacking
Printers today are incredibly susceptible to hacking due to internet connectivity. Hackers often find a way in by scanning open printer ports that are connected online.
In the case of the stackoverflowin hack, machines were targeted that possessed IPP (Internet Printing Protocol) ports and LPD (Line Printer Daemon) ports. These ports, along with an open door on TCP port 9100 (used for raw printing data), can be exploited by someone with the right knowledge – if managed print services security isn’t in place.
These port insecurities are well-known vulnerabilities that can be exploited without much cost or effect. In fact, they are so easy to take advantage of, that a hacker fan of famous YouTuber PewDiePie targeted 50,000 printers to help promote the YouTube star.
How Your Printer Fleet Is Vulnerable
The number one threat to a company’s printer fleet is its connection to the Internet. This can be a huge vulnerability that could cost your business time and money.
But this type of direct printer hacking is just one way your printers may be insecure. Your documents are vulnerable at the machine itself, as well as in transit from the device to the printer.
Even worse, a visible attack on printers – say, printing out thousands of pages of garbage – could be used by a malicious actor to divert attention and resources away from the main attack on a different system, perhaps something highly critical like financial accounts. This is, in fact, a common tactic of state-linked attacks on major banks (by countries such as North Korea). In other words, vulnerable printers can be a tool for cyberwarfare.
Without passwords, authentication, and encryption, printers and MFPs are vulnerable. Unfortunately, many companies are often lagging in preventing these problems due to a lack of planning. Even with the best planning, keeping up with the continually changing cyber-landscape can be challenging.
Managed Print Services Can Keep Your Printers Safe
Managed print services (MPS) security should be part of a greater cybersecurity plan that encompasses all technological aspects of your business. By working with an MPS partner, you can get the support from an objective third party that will help assess your printer network for vulnerabilities and create a plan of protection. This plan and assessment should include a review of the existing print fleet to see if outdated equipment is providing any vulnerabilities. Operating systems, software, and all printer drivers need to be up-to-date and regularly maintained.
Perhaps most importantly, the proper roles and authentication levels need to be set up, so the right people get the right access to the machines they need.
Additionally, the benefits of managed print services can include better document management and workflows to prevent information from being stolen on its way to the printer.
At DOCUmation, we pride ourselves on being thought leaders in the managed print services industry. We are experts in MPS solutions that improve security and prevent hacking. Contact us for more information on how we can help your business.