If you plugged your printer into your network and are using it with all the default settings, then your business network and information systems are like a house with the front doors open and intruders beckoned in.
Printers are no longer used as much as before, so this exposure to cyberattacks may be nonexistent simply because your business processes do not require you to have one, and that is a very good thing indeed.
But the logic of this post applies equally to most Internet of Things (IoT) devices, such as security cameras or smart home devices, and even more pertinently to operational technology (OT) devices in the workplace.
These objects are very “smart” in procuring expediency and convenience but daft and stupid in cybersecurity terms! And this is quite literally the case because in contradistinction to information technology (IT), OT devices contain small-brained proprietary operating systems lacking in sufficient processor power to support security tools and technologies built into their IT counterparts.

Built for Convenience and Functionality, Not for Network Convergence and Security
Also, unlike full-fledged IT devices, OT devices, including printers, were not built with network security in mind. They were built for use in mostly wired networks, in situations where air-gap security, by way of isolation from other devices, was sufficient to make breaches very unlikely and uncommon.
That has now all changed with the increasing convergence of IT and OT in LANs that connect to public networks and the internet, to deliver all the innovation that we are now accustomed to.
Most modern printers are remotely accessible from anywhere in the world without passwords.
This access carries administrative privilege and is a dream gateway into your network, from which unwelcome intruders can not only directly access sensitive information stored in your printer, including documents or even network passwords, but can then move laterally through your network and escalate their privileges.
Near your business premises, or near your home if you work from home, anyone at all can access the devices using Wi-Fi Direct, an open-access Wi-Fi protocol that bypasses all forms of security safeguards such as your router and firewalls, and any other intrusion prevention technology that you might be relying upon for system hardening and protection.
This front-door, free and unfettered access to your network applies to similar features such as AirPrint, Bonjour, and e-print in most modern printers. Importantly, data transmission over public networks using these features is often via unencrypted HTTP traffic.
The bypass of system security features will include monitoring logs and other evidence of digital footprint that you may have configured, quite advisedly.
Literally speaking, your doors are not only open, but you are also full body naked around your windows with your blinds not drawn.

Remedying the Situation
- Access your printer via applications that come from the manufacturer or via a web browser on another device connected to the same network as your printer, using its IP Address. The printer manual is useful to consult at this point.
- Disable every convenience feature that is not necessary for your business processes, such as Wi-Fi Direct, AirPrint, e-print and web services.
- If you really need these features, then make sure that the optimum security configurations are in place, including the most secure wireless protocol supported, preferably WPA3 for small office or home office (SOHO), and WPA-EAP for enterprise.
- The security settings should include limiting access to the accounts and devices that need it, and monitoring and logging of access and usage, including setting alerts for unusual activity.
- Change the admin password from the default 12345678 known to the eight billion people in the world, to something reasonably difficult to guess or brute force. This will usually be via the advanced settings options or something similar depending on your printer model.
- Enforce network segmentation and place printers and other Internet of Things and OT devices in a separate network, isolated from where more sensitive data live, to limit lateral movement and privilege escalation. Ideally that network should be robustly firewalled off from other networks.
- This seemingly stringent action is necessary since IoT devices and printers are notorious for having unpatched vulnerabilities and irregular updates. Malicious actors routinely scan devices remotely in search of such vulnerabilities, through which they can execute all sorts of attacks.
- And as part of a good cybersecurity hygiene practice, strive to ensure that driver and firmware patches and updates are applied, whenever they become available from the manufacturers.
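
To confirm that the steps above took effect on your own printer, the following sketch checks which common printer services still answer on the network. It is an added example, not part of the original post; the port list uses standard service assignments that the post does not mention, and `192.0.2.10` is a placeholder address.

```python
import socket

# Well-known TCP ports for printer services (standard assignments, not from
# the original post), each paired with the remediation step it relates to.
PRINTER_PORTS = {
    21: ("FTP", "disable: cleartext file upload to the printer"),
    23: ("Telnet", "disable: cleartext admin console"),
    80: ("HTTP", "disable or redirect to HTTPS: admin page is unencrypted"),
    443: ("HTTPS", "keep only if needed; change the default admin password"),
    515: ("LPD", "disable unless a legacy print queue needs it"),
    631: ("IPP", "used by AirPrint; disable if not needed"),
    9100: ("Raw print", "restrict to the print server with a firewall rule"),
}


def is_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, required=(), probe=is_open):
    """Check each known printer port; flag open services not in `required`."""
    findings = []
    for port, (name, advice) in sorted(PRINTER_PORTS.items()):
        if not probe(host, port):
            continue
        status = "expected" if port in required else "REVIEW"
        findings.append((port, name, status, advice))
    return findings


def report(host, findings):
    """Format findings as lines for a change ticket or hardening log."""
    if not findings:
        return [f"{host}: no known printer services reachable"]
    return [f"{host}:{p} {n:<9} {s:<8} {a}" for p, n, s, a in findings]


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; use your own printer's IP.
    for line in report("192.0.2.10", audit("192.0.2.10", required={443})):
        print(line)
```

Run it once from the printer's own network segment and once from the segment holding sensitive data: after segmentation, the second run should report nothing reachable. A TCP connect check does not cover UDP-based services such as Bonjour (mDNS), so confirm those in the printer's settings page.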