Why would a hacker want my printer?
Networked printer security is often an overlooked security vulnerability area and being overlooked is what a hacker with malicious intent (we'll call them "black hats" here) looks for when wanting to penetrate a network or subnet.
Why would a hacker want my printer?If a black hat is looking to gain access to a network they will scan all devices on the network by going to each IP address within a given network address block. Scanning allows them to look for IP addresses that are live or awake and listening to the network adapter. Once the hacker's scan program finds a device it may look further or store information for more in-depth scanning later. The in-depth scanning is where they look for overlooked security vulnerabilities and default passwords. Networked printer security depends upon the intervention of a human to make sure the printer firmware has been updated and any default passwords have been changed.
Unless a network printer is configured correctly before placing it into service it can become a target for black hats to get into your network to produce denial of service attacks or as a launching point for other attacks on your network. Many network printers come with upgradeable firmware allowing you to upload patches to your printer. These firmware upgrades are provided by the manufacturer for security faults in the software or for additional features.
Other printers also come with web servers built into them with configuration manager software. The web servers are setup with a default user and password that needs to be changed. Black hat hackers look for printers without changed passwords in order to easily download their own malicious tools.
What can a hacker do with your network printers?
If basic networked printer security is not followed, black hats will attempt to do all or part of these:
- Install Doom - a first person shooter game can be installed on the printer through a web interface flaw. They would mainly only so such a thing for fun/as a prank, but it is unlikely they will bother to do this remotely, since they can't play the game remotely, which is half the fun
- Install DoS tools – (Distributed) Denial of Service (DoS/DDoS) tools installed on one or more printers on your network could flood your network with unwanted traffic slowing everyone to a snails pace or possibly crashing the network entirely.
- Reroute printing – using the printer configuration black hat hackers could route all print jobs from your printer to any printer on the internet even the black hat's own printer or workstation.
- Gain access to printed jobs – printers and copiers sometimes store print jobs in memory until the memory is over written. Black hats could gain access to these print jobs by looking through memory.
- Install black hat tools – tools could be installed on the printer allowing the black hats to scan your internal network looking for vulnerable devices.
If you're worried about personal data being mined or acquired, take a deep breath, and check out our article on printers storing personal information.
What are the basic networked printer security procedures to follow?
Printers as well as any other device with an embedded operating system can be can be hacked due to security vulnerabilities. Your own PC you use at home or at work runs a similar operating system (OS) like Linux or Windows and these OS’s are updated for bugs and security flaws constantly. To keep your network printer from falling into the hands of a black hat you will have to look to the manufacturer for updates to the embedded OS. These patches or fixes either come with a utility or the management software for the printer has the utility built to update the printer firmware.
Printers that are taken out of the box, given an IP address with no other security considerations can be the most dangerous device on your network. If a printer has a web management interface that allows configuration via a web browser you will need to connect to the web browser and either disable the web management or change the default password to the administrator account. Without the password change or the web management disabled your printer is a target just waiting to be hacked at some point in time. The first thing black hats do is scan a network looking for vulnerable devices. Once a device is found they try gaining access with the default passwords. If they find one device they will find all other devices on your network with default passwords still configured.
Printers do not need to be configured with a publicly routable IP address. Within your own network you can create private subnets using the non-routable IP addresses of 10.x.x.x or 127.x.x.x address ranges. Placing all of your devices or printers that do not need to have a public and routable address into the private address range allows only those computers on your network or connected via virtual private network (VPN) access to those printers and devices. Placing your printers into a private subnet still means you have to address security flaws in the printer firmware and change the default passwords because computers on the public network could become compromised allowing black hats access to your printers through the compromised computer.
Some of these things are not as simplistic as they are explained here, but the gist is, you need to enhance network security measures in order to be safe, and if you don't know how to do this, we can certainly help get you on track.
Quick Key to Hacker "Hats", since hackers aren't inherently "good" or "bad":
Black Hat - Malicious intent, usually for personal gain, will NEVER ask your permission to hack you
Gray Hat - Typically no malicious intent, unless the pay out is the only motive. Will hack for good or evil, usually "forget" to ask permission to hack you
White Hat - The good guys in the security realm, usually working for legitimate firms, will ALWAYS ask your permission to hack you
