Even Printers Can Now Spy on Your Information and Vandalize Your Documents
They might seem harmless at first glance, but those printing machines can be made to turn against you or your business. Printers are everywhere—in households, schools, offices, government agencies, etc. As useful as these machines are, they’ve long been devoid of any form of basic security. Combine their ubiquitous nature and their vulnerability to cyber attacks and you’ll see why experts have long regarded network printers as prime targets for hackers.
In a recent hacker conference, security experts reveal in detail how something as humble as a printer can be made to do malicious activities. It looks like we shouldn’t take this security concern lightly.
Susceptibility in Connectivity
During Black Hat 2017, Ruhr University Bochum’s Jens Müller emphasized how people shouldn’t turn a blind eye on their printers for reasons of personal security. He reveals that in the hands of shrewd hackers, such humble machines could do anyone considerable damage.
A hacked printer, he said, can do anything from stealing personal info to defacing everything you print. It can even be bricked with a simple denial of service (DoS) attack. And because printers are ubiquitous, it means anyone or any organization can fall victim to them.
To make matters worse, most of today’s printers come with Internet connectivity. Meaning, they’re pretty accessible to hackers who may be lurking the WWW for their next target. To be fair, though, the same susceptibility applies not only to printers, but also to connected devices like VoIP phones and routers.
Ways a Printer Gets Hacked
Müller highlights that inherent weaknesses within printer protocols make them vulnerable to a variety of attacks. Those include information espionage, denial of service, print job manipulation, and protection bypass.
He notes that the vulnerabilities in printers have been documented for more than a decade already. The dilemma persists to this day and anyone interested in both hacking and protecting such equipment definitely has ample time to study both sides of the fence.
On a related note, here are 4 ways your printer can get hacked.
Printers Disclose Personal Information
Recall all the financial statements, confidential reports, and personal transactions you’ve ever printed—they can all be stolen right under your nose. It’s truly terrifying when you think about the possibility that your printer could be tampered by an attacker to steal sensitive documents. Müller reveals that he has done this horrific possibility and it should scare anyone who owns a printer.
Müllerfurther reports that it only takes a single command to program printers to save print jobs to its internal memory and another to retrieve the details on a later date. He reassured the audience, however, that the feat was anything but easy. A malicious party would have to figure out if a printer has a physical memory available and this could be outright difficult, especially if the machine sits comfortably behind a firewall. That, or inside a closely monitored copy room.
Denial of Service Attack
Among the attacks a hacker can perpetrate on a printer, this one is the easiest to do. As its name implies, your printer will deny you service after this kind of cyber attack. Müller simply sent a print job containing a single line of PostScript code and he essentially set the printer into an infinite loop, effectively rendering it useless to anyone else who wanted to print something.
Printing machines are vulnerable to this hack because they use a programming language, called PostScript, that performs both administrative functions and translates files into print jobs. It’s easy to fool a printer that you’re telling it to make permanent changes rather than produce a hard copy with a DoS attack.
Vandalizing Subsequent Print Jobs
Tampering somebody else’s printed reports is something that some of us probably may have plotted against a person we especially don’t like in the office. As it turns out, anyone can maliciously manipulate print jobs.
In Müller’s demonstration, he used the unique facet of PostScript wherein a change made with one print job could be made permanent for all subsequent prints. Using an overlay command, he placed a Black Hat conference logo over any document produced from a targeted printer. He shares that hackers can even introduce permanent misspellings for any print a certain user does.
Bypassing Password-Protected Printers
Let’s say a savvy network administrator sets passwords in place for all vulnerable devices, including network printers. While this is a wise countermeasure against hackers, Müller shares that a single line of Printer Job Language (PJL) code, another printer protocol, can reset the device to its factory settings. Doing so essentially removes the password designated by the administrator, leaving the printer vulnerable to hacks.
Reason for the Vulnerability
Printing protocols, which translate files into something printers can put to paper, aren’t secure at all. Both the Printer Job Language by HP and the PostScript by Adobe are printer languages that don’t define the difference between commands and print jobs. Printers often execute code written in either protocols even when those codes are contained within print jobs. “You have data and code over the same channel, and that’s always a bad idea,” Müller shares.
“In the long-term actually we need to get ride of insecure printer languages,” the researcher continued. He admits that it may still take a while before this resolution comes around. Müller urged printer manufacturers to undo unsecure designs like blocking TCP port 9100.
How to Protect Printers for the Meantime?
With these destructive threats, Müller advises printer owners to sandbox their machines into a separate VLAN. The virtual LAN should only be accessible through a hardened print server, too.