Everyday printers seem like bulky, if innocuous, pieces of office furniture. But recent experiments show newer generations of Internet-enabled printers can pose serious risks to business data security and confidentiality.
A researcher camouflaged a Raspberry Pi motherboard and two phone antennas inside an office printer and managed to intercept telephone calls and text messages.
Masquerading as a regular cellular service provider, Stealth Cell Tower surreptitiously catches phones and sends them SMSs written to appear they are from someone that knows the recipient. It does this without needing to know any phone numbers,” the research paper reads.
The truth is printers are an undervalued target – especially now, as they carry technologies such as Ethernet and Wi-Fi as alternatives to USB connectivity. Most modern printers allow mobile printing through Wi-Fi access points as well as printing from cloud-storage and document management websites.
Yet, administrators overlook printers and have no security solution dedicated to them. Attackers can take advantage of these vulnerabilities to control printers to make pranks, transmit faxes, change settings, launch denial-of-service (DoS) attacks, or retrieve saved copies of confidential documents. In a business, an unprotected shared printer can jeopardize the entire corporate network.
In fact, Wi-Fi printers are some of the most security-flawed devices, according to Bitdefender’s Internet of Things threat intelligence reports. Most printers are secured with a weak username-password combination that can be easily brute-forced.
A lot of printer passwords are stored in plain text and can be accessed via Simple Network Management Protocol, for instance,” says Alexandru Balan, Chief Security Researcher at Bitdefender. “Printer hard drives can be used as covert storage units for malware that harvests confidential data, to send out spam but, more importantly, printers can act as beach heads to attack PCs in the same network.”
So, when it comes to printer security, here are some key measures to take to stop devices from going rogue:
- Password-protect printers to prevent settings changes
- Encrypt connections to access the admin control panel and to secure documents travelling from computer to printer
- Disable unnecessary features that could expose the printer to the Internet
- Update firmware and drivers regularly