(March 18, 2024) Despite the rapid digitalization of business processes, 70 percent of organizations depend on printing. This dependence creates security risks. Almost two-thirds (61 percent) of organizations have suffered data loss due to unsecured printing. More than a quarter (27 percent) of security incidents are related to paper documents and the printer environment.
These are some of the findings of Quocirca’s 2023 Print Security Landscape Report. Today’s printers are networked, making them as vulnerable to security threats as any other device. These vulnerabilities have been known for years. The 2016 Weev hack, 2017 Stackoverflowin hack, and 2018 PewDiePie hack all compromised tens of thousands of printers.
More recently, the PrintNightmare exploit led Microsoft to issue an emergency Windows patch in August 2023. First released in 2021, PrintNightmare enables a hacker to control a vulnerable computer remotely.
Still, respondents to Quocirca’s survey do not prioritize printer security. Only 45 percent of CISOs said they were very or somewhat concerned about printer security risks.
Why Do Printers Have Such Weak Security?
In December 2023, Microsoft announced it was developing a more secure print environment called Windows Protected Print Mode. WPP will eliminate many legacy vulnerabilities and run the print spooler as a user rather than at the system level. It will also eliminate third-party print drivers, which are notoriously vulnerable and often incompatible with Windows security features.
However, device manufacturers have traditionally treated security as an afterthought. Many printers and multifunction devices (MFDs) have weak default passwords or no passwords at all. Small office printers have particularly weak security. A recent investigation by Consumer Reports found insecure protocols, unnecessary permissions, and other design flaws in all five brands tested.
Few organizations are taking steps to shore up these weaknesses. Default passwords and unsecure settings are often left unchanged, and patches and updates are rarely applied. Many devices now have embedded web servers for remote management, and in many cases aren’t even password protected.
What Are the Risks?
What happens if a printer’s vulnerabilities are exploited? Like any other networked device, a compromised printer could open the door for attacks across other systems. Hackers can also harness vulnerable printers to create botnets for launching Denial of Service attacks. Print jobs can be manipulated to print fake or sensitive information and send print and scan jobs to unauthorized users.
MFDs that store user credentials and scanned documents create an additional threat. Hackers who gain access to those devices could steal credentials and other sensitive data.
Some organizations have taken steps to prevent unauthorized users from accessing print jobs on shared devices. These techniques, called pull printing or follow-me printing, hold a print job in a queue until the user who submitted it is authenticated at a device and releases the job. However, this process doesn’t protect print data as it moves across the network from a user’s device to the printer. Organizations also need to secure devices, encrypt data, and closely monitor print activity.
How to Protect Your Organization
There are some simple steps organizations can take to reduce printer security risks:
- Replace the default password with a strong, unique password.
- Apply software patches and firmware updates regularly.
- Disable all printer ports except those explicitly required for your use case.
- If the device supports Bluetooth, disable that feature if it isn’t used.
- Use a firewall to prevent remote access to the printer.
- Configure devices with hard disks to automatically erase files.
- Implement encryption to protect data in transit.
- Segment the network to prevent attackers from moving freely throughout the environment.
Networked printers and MFDs may seem innocuous, but they can be serious security threats. Hackers can use them to gain entry into your environment or steal sensitive data. Mainstream is here to help you close these security gaps.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting, custom software development and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile
