When you think about where security threats are within the office, you probably think immediately about your computers or maybe personal phones used by employees. However, your office printer has presented security risks for decades.
"Since the inception of LaserJet printers in the late 1980s, the printers have faced security issues," explained Ashish Malpani, director of embedded solutions product marketing at HID Global, a manufacturer of secure identity solutions. "However, with the advent of networking, the networked printers along with embedded web servers and vulnerabilities in PostScript processing, printer security got attention in the late 1990s."
When printers then morphed into the multifunction machines they are today, it expanded the possible attack vector. Today, the printer may be the most vulnerable piece of equipment in the office; yet, it often gets less security attention or protection than other devices accessing the network.
This can open the company to serious security problems, according to Jason Rader, national practice director of security services at Datalink, an Insight company. "Given their storage capabilities, printers also contain enormous (and often sensitive) data, which includes every document that's been printed or sent via that printer," he said. In addition, because printers are connected to company emails, a hacker can gain access to the information and email it to him or herself.
Specific security risks
Printers are risky because IT staffers aren't taking the necessary steps to protect them or the data accessed through them. One of the most critical moves – changing the default password to something strong and unique – is too often never taken. Ignoring that simple step gives almost anyone access to the printer. Malpani added that modern multifunction printers (MFPs) face a range of threats and vulnerabilities, including the following:
- Unauthorized access to print data – Someone walks over to the printer and accesses documents that belong to someone else.
- Unauthorized configuration changes: Someone changes the printer configuration to route the print jobs.
- Print job manipulation: This includes replacing the print content for others, inserting new content in the print jobs, and deleting logs to interfere with repudiation.
- Print data disclosure: This includes accessing the print data from the memory, file system, print jobs and hard drives when printers are decommissioned.
- Printer as an attack point: A compromised printer can be used to attack other applications, execute arbitrary malicious code or attack other systems (e.g., to launch a denial-of-service attack on the printer or network).
- Cloud printing risks: The inherent risk in cloud printing is that the print job is rendered on public infrastructure and sent to the printer using something like PostScript. This approach is susceptible to middleman attacks or someone trying to gain access to the enterprise network through cloud printing channels.
Wireless printing opens up even more access points for attackers. "With Wi-Fi, an attacker can carry out proximity attacks like getting the printer to connect to a malicious network and then execute harmful code, etc., while being outside of the walls," Malpani said.
Best practices to protect the printer
Protecting your printer from threats isn't much different from protecting any other device on the network. It begins with basic steps such as making sure to secure your printer (not just your server), patching general vulnerabilities via updates to your printer's operating system, changing passwords regularly, turning on authentication, and turning off services that are not being used.
Don't ignore the employee connection to printer security. "It is critical to include printer security in the security policy and employee training," said Malpani.
Office printers are set up for convenience, access and full control within the walls of the office. However, more and more often, these devices can be accessed from outside the walls of the enterprise, sometimes by the company so it can print remotely, sometimes by the vendor or partners doing proactive maintenance, and often by the suppliers who need to know when to bring more toner, said Chris Roberts, chief security architect at Acalvio, a provider of advanced threat detection and defense solutions.
"Each of these is an attack vector into a device that very much has all of your secrets in one place."