It’s long been established that printers attached to networks often are poorly defended and a weak link that security criminals exploit routinely. After all, the hard drives embedded in these devices often contain images of sensitive documents ranging from passports to purchase orders. Despite the increased awareness of this issue, however, a new report from NCC Group, a provider of cybersecurity services, finds printers from six manufacturers that are known to be employed widely in the enterprise have dozens of vulnerabilities that can be exploited easily.
NCC evaluated printers from HP, Ricoh, Xerox, Lexmark, Kyocera and Brother. Its research found the printers were susceptible to everything from the ability to spy on every print job sent and send print jobs to unauthorized parties to denial-of-service attacks. The specific printers tested were the:
- HP Color LaserJet Pro MFP M281fdw
- Ricoh SP C250DN
- Xerox Phaser 3320
- Brother HL-L8360CDW
- Lexmark CX310DN
- Kyocera Ecosys M5526cdws
Mario Rivas, senior security consultant of NCC Group, said all the vulnerabilities discovered by NCC were shared with the printer manufacturers and have since been patched. System administrators are advised to update all vulnerable printers with either the latest firmware or forthcoming updates. However, most organizations tend to overlook the need to install updates to printers unless those updates are delivered as part of an ongoing managed service.
Printer manufacturers have been making a case for replacing printers with new models that are more secure for several years, with mixed success. Most organizations may not replace printers more than twice a decade.
Rivas said the first line of defense when it comes to printer security is to reduce the size of the attack surface. Printers often are loaded with software modules that nobody uses. Removing those modules makes it less likely a vulnerability can be exploited, he said.
At the same time, organizations need to ensure a robust set of access controls are in place to make sure no one is remotely accessing in an unauthorized manner, Rivas said. Ideally, printers should be on their own segregated networks, he added.
In most organizations, cybersecurity teams are so busy trying to defend the rest of the IT environment that finding the time to secure a printer can be challenging. The good news is as more organizations start to address cybersecurity issues stemming from internet of things (IoT) deployments, it becomes apparent quickly that one of the most prevalent things connected to the internet is a printer. Many of the tools and processes for securing IoT devices also can be applied to printers, Rivas said.
It’s worth noting almost every sensitive document an organization has eventually winds up on the hard drive of a printer. No one appreciates that simple fact more than cybercriminals, who have ready access to the tools needed to scan for networked printers. In fact, most cybersecurity criminals would much rather hack a printer than go to the trouble and expense of building a complicated piece of malware.