Printers: The Overlooked Security Concerns

by Matt Muse, Independent Security Researcher

How much consideration is given to the security of network printers on any given network?  Do you view printers as a threat to your network?  Growing research shows that network printers are a major risk, and with time we can expect more and more attackers to leverage printers as an attack vector.

Consider this possible scenario as an example.  An attacker wants to exfiltrate information from John.  John works in a critical government setting where his PC is locked down with secure passwords as mandated and his device is fully encrypted.  However, when scanning the network, the attacker notices many network printers.  Simply visiting the IP address of any of these printers will bring you to the device's login page.  What a surprise: default credentials were used, as most organizations don't follow any sort of security practices when it comes to printers, no matter how secure the rest of their devices may be!  In this case, the attacker only needs to enter the contacts/address book and remap John's scanning/email profile to send to the attacker's own email address, and John will begin sending potentially confidential information directly to the attacker's inbox.
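An added example, not part of the original article: a defender-side check for the address-book remapping described above.  It compares two snapshots of a printer's address-book export and flags scan-to-email destinations that changed or that point outside the organization's mail domains.  The CSV layout, the sample contacts and the domain names are constructed assumptions, since real export formats are vendor-specific.

```python
import csv
import io

# Constructed sample data: two snapshots of a hypothetical address-book export
# (columns "name,email"); real devices export in vendor-specific formats.
BASELINE = """name,email
John,john@agency.example
Mary,mary@agency.example
"""
CURRENT = """name,email
John,john.backup@mailbox.example
Mary,mary@agency.example
Scans,archive@AGENCY.example
"""

def load(export_text):
    """Map each contact name to its normalized scan-to-email destination."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {r["name"].strip(): r["email"].strip().lower() for r in rows}

def audit(baseline_text, current_text, allowed_domains):
    """Return sorted (name, destination, reason) findings for review."""
    allowed = {d.lower() for d in allowed_domains}
    old, new = load(baseline_text), load(current_text)
    findings = []
    for name, dest in new.items():
        # A destination with no "@" yields itself as the domain and is flagged.
        domain = dest.rpartition("@")[2]
        if domain not in allowed:
            findings.append((name, dest, "external-domain"))
        if name not in old:
            findings.append((name, dest, "new-entry"))
        elif old[name] != dest:
            findings.append((name, dest, "destination-changed"))
    # Entries that disappeared since the baseline are also worth a look.
    for name in old.keys() - new.keys():
        findings.append((name, old[name], "entry-removed"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT, {"agency.example"}):
        print(*finding, sep="\t")
```

Run against a known-good baseline on a schedule, a check like this surfaces a remapped profile before much scanned material has left the network.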

Another fairly recent attack method has been spoofing these multifunction devices (which is rather easy) and sending an email with a malicious attachment to users and making it appear to originate from their office copier, which they trust blindly of course.  How many users are going to carefully check emails that are sent from the copy machine that they use every day?  If IT professionals don't take the risk seriously, how can the end user possibly be expected to avoid the threat?

Yet another example in recent memory is "HackerGiraffe" abusing port 9100 to print messages to support PewDiePie, a popular streamer, on 50,000 printers worldwide.  According to HackerGiraffe, the whole exploit took him about 30 minutes from first hearing about port 9100 to writing the script he used.  A worldwide hack was pulled off by someone who described himself as bored while playing Overwatch.

So just how bad is the risk posed by network printers?  In 2017, Spiceworks did a study on printer security and determined that only 41 percent of printers have any kind of security controls applied.  What is even more alarming is that only 16 percent of IT support professionals view a network printer as an attack vector.  This can only be described as total negligence in an age where security has become a critical component of modern corporate settings.  As with any other endpoint on a network, the weakest link puts the entire network at risk of being compromised.  Attackers will always look for the easiest point of entry, and the data shows that printers are not being taken seriously when it comes to securing them on networks.

If IT professionals don't stop viewing printers as basic tools and start viewing them as networked, low-security computers that can also print, we will continue to see a rise in printers being used as easy targets.
