Industry News

Printers gone rogue – what’s the worst that can happen?

Serious Security Holes Exposed in Samsung, HP and Dell Printers, Researchers Say

Everyday printers seem like bulky, if innocuous, pieces of office furniture. But recent experiments show newer generations of Internet-enabled printers can pose serious risks to business data security and confidentiality.

A researcher camouflaged a Raspberry Pi motherboard and two phone antennas inside an office printer and managed to intercept telephone calls and text messages.

Masquerading as a regular cellular service provider, Stealth Cell Tower surreptitiously catches phones and sends them SMSs written to appear they are from someone that knows the recipient. It does this without needing to know any phone numbers,” the research paper reads.

The truth is printers are an undervalued target – especially now, as they carry technologies such as Ethernet and Wi-Fi as alternatives to USB connectivity. Most modern printers allow mobile printing through Wi-Fi access points as well as printing from cloud-storage and document management websites.

Yet, administrators overlook printers and have no security solution dedicated to them. Attackers can take advantage of these vulnerabilities to control printers to make pranks, transmit faxes, change settings, launch denial-of-service (DoS) attacks, or retrieve saved copies of confidential documents. In a business, an unprotected shared printer can jeopardize the entire corporate network.

In fact, Wi-Fi printers are some of the most security-flawed devices, according to Bitdefender’s Internet of Things threat intelligence reports. Most printers are secured with a weak username-password combination that can be easily brute-forced.

A lot of printer passwords are stored in plain text and can be accessed via Simple Network Management Protocol, for instance,” says Alexandru Balan, Chief Security Researcher at Bitdefender. “Printer hard drives can be used as covert storage units for malware that harvests confidential data, to send out spam but, more importantly, printers can act as beach heads to attack PCs in the same network.”

So, when it comes to printer security, here are some key measures to take to stop devices from going rogue:

  1. Password-protect printers to prevent settings changes
  2. Encrypt connections to access the admin control panel and to secure documents travelling from computer to printer
  3. Disable unnecessary features that could expose the printer to the Internet
  4. Update firmware and drivers regularly

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.


Click here to post a comment
  • You neglected to mention the first, most important printer security measure: physical security! If someone can physically access the printer, open its case, and insert some rogue hardware, the other measures don't matter. Considering that the Stealth Cell Tower could just as easily have been inserted into a vending machine or a coffeemaker, I think this article should have focused more on physical security than on printer security.

  • Good point, hardware security should also be included on the to-do list. Thanks for sharing your opinion on this!