Keep The Wolf away from your Data
5 April 2017
Hackers and cybercriminals want their victims unprepared, unaware and – most of all – confused. They want to hit companies where they least expect it, create chaos and, while you’re distracted, slip away with something good. To these people, unprotected printers are a gift. As the video says, there are hundreds of millions of business printers in the world and less than 4% of them are secure. They provide an easy way into our networks and an easily raided source of documents and data. They might even give hackers the keys to more valuable stuff.
The Unwatched Back Door
Why printers? Partly it’s a question of the weak points in business IT systems. PCs, servers and network infrastructure are always going to be tempting targets, but they’re also the focus of the most rigorous security endeavours. The more operating systems are strengthened and security holes tightened up, the more the hackers look for other ways in, including mobile devices, IP cameras and, most of all, printers. After all, nearly every enterprise has one, the largest will have hundreds, and they’re not often properly secured, audited or replaced.
What makes them even more enticing is that printers aren’t just printers. They haven’t been for years. Even older networked office printers will have processing power, RAM, an operating system and hard disk storage. They may also scan and copy, working within complex document workflows. The hard disks they contain may hold dozens of passwords, routing info, contact lists and hundreds or thousands of print jobs, including the kind of sensitive documents that would warrant high levels of security elsewhere. They’re both a route and a terminus for sensitive information, making them a natural target for network sniffing probes. The old network printers in the corner of your office might just be printers to you, but for hackers they’re fresh meat on which to feast.
The more sophisticated they are, the more central a role they play in company workflows, the more useful a back door your printers become. What’s more, when you have a large fleet, it becomes even more challenging to apply all security measures across every device. Even companies that are paranoid about their servers, desktops and laptops may have little idea of how secure or not their printers are. They’re unlikely to have any formal auditing process.
This isn’t a theoretical concern. A 2016 report by the Ponemon Institute found that 60% of the companies surveyed had had a data breach involving printers. In February this year, researchers at the University Alliance, Ruhr, discovered vulnerabilities in a wide range of common office printers, while, in a separate event, a hacker forced over 150,000 office printers to print pages warning that they could easily have been subsumed into a botnet. Why then, according to the Ponemon Instutute study, do 54% of enterprises have no – yes, no – printer security strategy in place?
So, what risks are businesses facing here? At the lowest level, you could see attacks from the network or the wider Internet that send unwanted print jobs through the printer, force multi-function devices to make copies or send faxes, change the display or even lock the printer. They could also install malware or hacked-firmware to the printer, giving them a way in to the device and your network whenever they need it.
What’s really worrying, however, is when they start using that access to steal your business’ data. Given access, attackers can alter or reroute a print job or open documents stored in the memory or on the hard disk. They can scour the hard disk for cache files and valuable data, or set the printer to forward print jobs to another location. They can eavesdrop on the network traffic flowing through the printer, capturing documents as they’re being printed, sent or scanned. Nor does it matter if the material they find doesn’t have immediate value; as the video shows, the info stored in one print job might provide a way in to other systems with more valuable data.
Finally, don’t forget mobile devices. Many office printers support for them, sometimes wirelessly, yet not all mobile devices are equally secure, leaving channels open for hackers to exploit. In a world of mobile business it’s sensible to make mobile access easy, but IT teams need to manage that access and make it safe. Otherwise individual departments and employees have a nasty way of finding workarounds, often exposing you to more vectors of attack down the line.
Protect your Printers, Bar the Door
These threats are real, but we don’t have to leave our printers unprotected. With the right precautions and technology in place, we can keep the cyber-criminal wolf from the door.
- Apply the latest firmware updates to plug holes
Printer firmware updates are no longer about adding features or fixing bugs but about patching vulnerabilities and covering security holes. Keep your printer updated and if your manufacturer no longer provides updates, think seriously about upgrading your printers.
- Find a better way to manage printers
Configuring and patching every printer is a problem, but not with modern network administration tools. HP’s Web Jetadmin, for example, makes securing and enforcing policies on a whole fleet of printers relatively easy. Meanwhile, with HP JetAdvantage Security Manager you can create a single security policy according to recognised enterprise standards, then roll it across the entire printer fleet. Through HP Instant-on Security, new printers added to the network will be automatically configured as they join.
- Encrypt and secure
If possible, keep the data on your printer’s hard disk drive encrypted – all HP printers with an HDD have it encrypted by default. You can also enable SSL for when you manage or configure your printer across the Web, and encrypt print jobs in transit, too. For example, HP’s Universal Print Driver provides optional AES 256-bit encryption when it’s sending jobs to print.
- Replace older printers
Modern printers will have stronger firmware and incorporate technologies like HP SureStart, which checks the printer’s BIOS when the printer starts up and, if it’s not legitimate, rolls-back to one that is. Technologies like this can keep even expert hackers at bay.
- Disable unused ports
Printers may have network ports left open for no reason, providing access for FTP or Telnet clients that are never used. USB ports may also be unnecessary in a networked office environment. Closing these openings down can give you fewer entry points to guard
- Secure remote and mobile printing
Make sure you’re using enterprise-grade, secure connection technologies like HP Wireless Direct Printing, HP JetAdvantage Connect and HP Private Print rather than more open, insecure technologies.
Your printers could be your worst security nightmare, but only if you let them. Don’t be a sheep; prepare your defences, understand the risks and don’t let yourself be confused. That’s the way to keep the wolf at bay.