Printers: The Weak Link in Enterprise Security

Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk.

PC security has become a priority for security leaders following global ransomware attacks earlier this year. If they didn't before, everyone from CISOs to everyday consumers knows it's a bad idea to ignore security updates or use simple, breakable passwords.

This heightened awareness does not extend to printers, however, and hackers are exploiting poor printer security practices.

"Unlike PCs, where there's a full appreciation for the need to secure those devices, there's much less awareness to the need to secure print devices," says Ed Wingate, VP and GM for HP's JetAdvantage Solutions, noting that strong security practices for protecting PCs and other nodes on the network are not consistently deployed to printers.

Weak link in the IoT

Sam McLane, who runs the security engineering team at Arctic Wolf, says he is far less concerned about today's printers than about yesterday's printers. Many organizations, especially smaller ones, use printers around five to eight years old, and haven't updated them.

"Printers, specifically, have a much longer shelf life than any of the other IoT devices, and they were the earliest of the adopted devices," he explains. "People will run them into the ground and then some before they start replacing them."

This poses an especially big problem for small offices using consumer-grade devices, McLane continues. SMBs don't have the need or budget for high-end, enterprise-level printers, and they make the mistake of sending corporate data into the cloud with lower levels of protection, on a device meant to be in someone's house and not necessarily in a corporate environment.

"Someone could get into a computer via malware; printers advertise themselves well," says McLane. "If a laptop or desktop gets compromised, a printer is a great spot to put malicious code that everyone talks to … it's a built-in platform to launch attacks."

Common printer slip-ups

The most frequent mistakes include using weak or default passwords and neglecting to update firmware. "Printers are not always updated with the latest firmware," HP's Wingate adds. "In fact, we see heavy use of old firmware with printers, some with known vulnerabilities that are not being patched to the latest version. That represents an opportunity for hackers to come in."

Mismanagement of printer settings and ports leaves the door "wide open" for remote entry onto devices and into corporate infrastructure, he continues. Lack of active monitoring for printers also leaves businesses vulnerable to unauthenticated actors.

When overlooked, these errors can put full organizations at risk. Earlier this month, security researcher Ankit Anubhav found nearly 700 Brother printers exposed online, granting full access to their administration panels over the Internet. Devices on university, corporate, and government networks could be found via IoT search engines like Shodan and Censys.

One of the factors behind this exposure was the decision to ship printers with no administrative password. Researchers believe most businesses likely connected vulnerable machines to their networks without recognizing their administrative panel was exposed.

Vendor responsibility

As Wingate points out, it's not enough to simply protect a network from initial penetration. Firewalls are helpful "but not sufficient," he explains. CISOs must assume their network has already been breached and ensure there is no lateral attack on the network.

"What we've discovered in our research is that certain malware packets are able to enter the network by being sufficiently small and low profile - effectively entering under the radar," he explains. Once inside, it needs to contact the master command-and-control server to know what to do next. The way it does this is characteristic of that type of malware attack.

HP is addressing modern printer risks like this with a tool called Connection Inspector, which analyzes outbound network connections typically targeted by malware. It detects anomalous behavior and, if necessary, triggers a reboot to go back to a known version of the BIOS. This accelerates response speed, Wingate says, which is important given the security skills gap.

"If you have a human in the loop, who needs to be notified that there's a malware penetration, and he or she delays the response on solving the issue, that undermines the security of the entire network," he explains.
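The monitoring idea described above, checking what a printer connects out to, can be illustrated from the defender's side with flow logs. This is an added example, not HP's Connection Inspector or code from the article; the network range, printer addresses, allowlist and log format are all assumptions constructed for illustration.

```python
import ipaddress

# All values below are constructed for this example (assumptions, not from the article).
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
PRINTERS = {"10.20.5.11", "10.20.5.12"}
ALLOWED = {                      # (destination, port) pairs printers may initiate
    ("10.20.1.5", 53),           # internal DNS resolver
    ("10.20.1.6", 123),          # internal NTP server
    ("10.20.1.20", 25),          # scan-to-email relay
}
# Constructed flow records: timestamp, source, destination, destination port
SAMPLE_FLOWS = """\
2017-11-20T09:00:01 10.20.5.11 10.20.1.5 53
2017-11-20T09:00:02 10.20.5.11 10.20.1.20 25
2017-11-20T09:03:10 10.20.5.12 203.0.113.77 443
2017-11-20T09:08:10 10.20.5.12 203.0.113.77 443
2017-11-20T09:09:30 10.20.5.12 10.20.7.40 445
2017-11-20T09:10:00 10.20.3.9 198.51.100.4 443
truncated record
"""

def parse_flows(text):
    """Yield (timestamp, src, dst_ip, dport); skip records that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield parts[0], parts[1], ipaddress.ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue

def unexpected_printer_flows(text):
    """Return printer-initiated flows outside the allowlist, grouped by destination."""
    seen = {}
    for ts, src, dst, dport in parse_flows(text):
        if src not in PRINTERS or (str(dst), dport) in ALLOWED:
            continue
        # External destinations suggest call-home traffic; internal ones, lateral movement.
        kind = "internal" if dst in INTERNAL_NET else "external"
        first, count = seen.get((src, kind, str(dst), dport), (ts, 0))
        seen[(src, kind, str(dst), dport)] = (first, count + 1)
    return sorted(key + value for key, value in seen.items())

if __name__ == "__main__":
    for src, kind, dst, dport, first, count in unexpected_printer_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{dport} [{kind}] x{count}, first seen {first}")
```

The internal range is matched explicitly because Python's `is_private` also returns true for documentation ranges such as 203.0.113.0/24, which would hide the external flow in this sample.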

Other new tools aim to improve security amid cloud growth and the rise of remote work. HP Roam, a Pull Print solution built in the cloud, lets mobile workers hand off documents and print them, then erases the job off the printer once the job is complete.

"Whether it's a sales rep in the field, an insurance agent, or any other 'road warrior' in the field, they sometimes must print," says Wingate. "And if they're not at home, and they're rarely at the office, where do they securely print? They don't securely print."





Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
