Is Your Printer Your Weak Security Link?

What are printer-specific security risks?

Despite receiving little security attention, printers can potentially contain significant amounts of sensitive data. When not secured, printer security risks can play a role in costly cyberattacks.

“Since the inception of LaserJet printers in the late 1980s, the printers have faced security issues,” said Ashish Malpani, former director of embedded solutions product marketing at HID Global, a manufacturer of secure identity solutions. “However, with the advent of networking, the networked printers along with embedded web servers and vulnerabilities in PostScript processing, printer security got attention in the late 1990s.”

Any connected device can potentially pose a network security threat. Printers are no exception, and their presence on a network can open the company to serious security problems. 

“Given their storage capabilities, printers also contain enormous (and often sensitive) data, which includes every document that’s been printed or sent via that printer,” said Jason Rader, vice president and chief security officer at Insight. Additionally, because printers are connected to company emails, hackers access the information and email it to themselves. 

Printers are especially risky because many IT staffers aren’t taking the necessary steps to protect them or the data accessed through them. One of the most critical moves – changing the default password to a strong password – is too often never taken. Ignoring that simple step allows almost anyone access to the printer. 

Multifunction printers are vulnerable to more threats.

Malpani cautioned that modern multifunction printers face an even broader range of threats and vulnerabilities.

• Unauthorized access to print data: Anyone could walk over to the printer and access documents belonging to someone else.
• Unauthorized configuration changes: Someone could change the printer configuration to route print jobs.
• Print job manipulation: Print job manipulation includes replacing the print content for others, inserting new content in the print jobs, and deleting logs to interfere with repudiation.
• Print data disclosure: Print data disclosure includes accessing the print data from the memory, file system, print jobs and hard drives when printers are decommissioned.
• The printer as an attack point: A compromised printer can be used to attack other applications, execute arbitrary malicious code, or attack other systems (e.g., to launch a denial-of-service attack on the printer or network).
• Cloud printing risks: The inherent risk in cloud printing is that the print job is rendered on public infrastructure and sent to the printer using something like PostScript. This approach is susceptible to middleman attacks or someone trying to access the enterprise network through cloud printing channels.
• Wireless printing risks: Wireless printing opens up even more access points for attackers. “With Wi-Fi, an attacker can carry out proximity attacks like getting the printer to connect to a malicious network and then execute harmful code, etc., while being outside of the walls,” Malpani said.

What are printer security best practices?

Protecting your printer from threats isn’t much different from protecting any other device on the network. Securing your printer will improve your business’s overall cybersecurity. Here are some of the best practices to follow:

• Keep the printer’s operating system up to date. Updates provide enhanced printer security. Some updates even fix security breaches.
• Change user PINs and passwords to the printer regularly. If a password is the same for a long time – or the same across all devices – the chance of a security breach is higher. As always, avoid using passwords that include personal information, including your phone number, address, Social Security number or other identifiers. Do not use common passwords such as number patterns (1234, 4321, etc.), the actual word “password,” or your name.
• Turn on two-factor authentication. Some applications, such as Duo, require users to authenticate their identity on multiple devices to have access. For example, if a printer requires a personal PIN, you could enter the PIN and use a two-factor authentication app to prove your identity on your phone or computer.
• Turn off services that are not being used. Removing these applications or options means there are fewer ways for someone to hack your printer.
• Place the printer on a separate, dedicated network within your office. Placing the printer on a separate network won’t eliminate the threat of attackers stealing data from your printer, but it will stop attackers from using the printer as a potential entry point into your broader corporate network. 
• Don’t ignore your employees’ connection to printer security. Train employees on secure printer best practices, and include this information in your employee handbooks. “It is critical to include printer security in the security policy and employee training,” Malpani said.
• Be aware of multiple attack vectors. Office printers are set up for convenience, access and complete control within the office walls. However, more and more often, these devices can be accessed from outside the walls of the enterprise, sometimes by the company so it can print remotely, sometimes by the vendor or partners doing proactive maintenance, and often by the suppliers who need to know when to bring more toner, according to Chris Roberts, senior director and CISO for Boom Supersonic. “Each of these is an attack vector into a device that very much has all of your secrets in one place,” Roberts said.

Jeremy Bender contributed to the writing and reporting in this article. Source interviews were conducted for a previous version of this article.