The security risk of networked printers

Networked multifunction printerNetworked multifunction printers are the norm, nowadays, in offices and home-offices across the world.

Priced to pleased and loaded with popular features, they’ve come to be seen as the discreet yet efficient office multifunction sidekicks that sit politely in their place, waiting to receive new jobs, over the network.

What almost everybody forgets it the security risk networked printers represent. Combining several functions in a single unit, including fax, copy, print and scan, these devices are likely to be compromised by hackers.

Since nobody pays close attention to these seemingly mundane devices, they can easily be hacked under the IT Surveillance Team’s radar which, typically, has other (more pressing) threats to deal with, namely on the web server front. In the case of multifunction printers, the attacks are as likely to come from inside the office as from the outside world, which add to the severity of the security risk.

What’s the big deal if the networked printer secretly slides under a hacker’s control?

Well, for one thing, the hacker could view, collect, steal or distribute everything that goes through the device. Imagine your competitor electronically getting all your latest business proposals — that would surely endanger your entire company.

The following types of attacks are most likely to occur within the realm of your office’s multifunction printer so make sure to learn about these attack scenarios:

  • DoS – Specialized malware can be programmed to crash printers and scanners, therefore disrupting paper-based business operations.
  • Code execution – Hackers can exploit vulnerabilities to load a rootkit into printers, thereby hijacking all documents passing across the network (not just the compromised device).
  • Document spying – Featring built-in network, fax / modem and LAN / WAN capabilities, there are a variety of ways to smuggle the stolen data out of an organization, once it’s been captured.
  • Credentials theft – If users need to enter a password for certain operations, such as scanning to email, an attacker can capture user names and passwords to gain further access to network resources.

While they may look harmless, modern multifunction printers aren’t dumb machines anymore. IT Admins need to pay attention to these devices’ vulnerabilities and weaknesses to be in a more favorable position where they can apply patches and, at the very least, prepare comprehensive risk-management strategies.

A word of caution also to the multifunction printers that can be accessed through an online authentication interface, through any web browser. Though this system is remarkably convenient for end-users, such authentication methods can easily be bypassed to launch commands which may completely hijack the device.

If you’re serious about closing all prime networked entry points for hackers, perhaps ou should also include all multifunction printers connected to your network.

Tags: network, printers, hackers, hijack, devices, business, authentication, security

Laisser un commentaire

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.