A New Era for Armis: Turning the Hunter into the Hunted

Learn More
Mar 13, 2019

SHIoT HAPPENS: Could a Hacker Weaponize Your Printer?

Organizations know they should use anti-malware software to protect endpoints from exploits. When IT admins think of “endpoints”, though, they generally think in terms of desktop and laptop computers—and possibly mobile devices like smartphones and tablets. But how about networked printers?

Printers are just simple devices that turn digital documents into physical documents printed on paper, right? Wrong. Surveys show that approximately 18% of enterprises admit that a hacked printer was the cause of a significant network breach, yet printers are commonly ignored when a company analyzes its security posture and its exposure to risk. What possible value could a printer have for an attacker, and what possible challenge could it create from a cybersecurity perspective?

When is a Printer a Risk?

There are many published reports that explain how easy it is to hack a printer, including some great presentations at Black Hat and other conferences. Last summer, Armis research found that 66% of manufacturers ship printers that are vulnerable to a DNS Rebinding attack. This kind of attack takes advantage of a flaw in web browsers that allows a remote attacker to bypass a victim’s network firewall and to use their web browser as a proxy to communicate directly with vulnerable devices on the local network.

What makes the issue worse is the fact that IT departments tend to connect printers to the network without fully configuring them, or they make egregious mistakes like leaving default passwords in place. Networked devices with default passwords are a gold mine for attackers, making printers easy targets and ideal candidates for attack.

What’s the Worst that Could Happen?

So, an attacker gains access to your network printer, what’s the worst that could happen? Well, the potential impact ranges from annoying mischief to expensive fines for violating privacy compliance rules, to having an attacker use the printer as a foothold to attack more valuable endpoints on your network.

A recent incident that falls into the annoying mischief category happened in late November 2018 when a hacker hijacked more than 50,000 printers around the world and caused them to print out fliers directing people to subscribe to the YouTube channel of online personality PewDiePie. It was super easy to do— someone just used Shodan to scan the Internet for vulnerable printers, then they used an open-source hacking tool called Printer Exploitation Toolkit (PRET) to print out a document. While this attack did little actual harm, it does illustrate the potential for more serious attacks or compromises—particularly for Internet-facing devices with default passwords.

Things could be much worse—and significantly more damaging to a company’s reputation—if an attacker managed to gain access to one of the high-end network printers that have data storage capabilities and retain documents in memory for some period of time. If an employee used that printer to print sensitive customer data, health information, credit card or Social Security Number data, or confidential company information or intellectual property, it’s possible that an attacker could steal that information.
An attacker could also hijack a printer and use it for a denial-of-service (DoS) attack, spam distribution, or to store malware on it to distribute to other systems on the network. Once compromised, an attacker could take control of those devices and could use them to attack deeper into the enterprise network.

Don’t Leave Your Printers Exposed

Most people may not think of a printer as an IoT device, but once you give the printer an IP address and connect it to the network, it is part of the Internet-of-things. Traditional security tools and practices were not designed for IoT, and they’re not equipped to adequately protect an IoT ecosystem. Taking steps today to implement solutions that protect you from his new attack surface is critical as more connected devices join your network, along with the potential threats they bring with them.

Get Updates

Sign up to receive the latest from Armis.