While security awareness among organizations and users seems to be gaining ground, printers often remain neglected and overlooked. They’re still a common gateway that hackers use to break into your home or company network.
As demonstrated by our recent experiment – where we hijacked close to 28,000 unsecured printers all over the world and forced them to print a version of this very article – printers are still a common gateway that hackers use to break into your home or company network.
Once cybercriminals get their hands on your printer, they can do all sorts of nasty things, including:
- Accessing copies of sensitive or confidential documents stored in your printer
- Sending unauthorized print jobs
- Launching DDoS attacks
- Making you subscribe to popular YouTube channels
Fortunately, you can secure your printer against potential attacks by following a few simple steps. Here’s how.
1. Limit or disable network printing
Having an unprotected printer connected to your home or company network is like leaving an unlocked door to your room or office. So, make sure to review and disable anything that involves printing over the internet. This includes configuring your network settings so that your printer only answers commands that come via your network router.
Depending on your printer model, this can be done by:
- Pressing the wifi button on the printer itself
- Finding and turning off the wireless printing setting via the printer’s control panel
- Disabling printing over HTTP in your Windows registry settings (advanced users only)
Also, don’t forget to turn off your printer when you’re not using it – if there’s no connection, attackers can’t compromise your network.
2. Secure your printing ports
Unsecured ports are probably the easiest avenue for hackers to access your printer. This means that you should enable only those printing protocols that you will use. For example, the standard protocol for secure printing on new printers is IPPS protocol via SSL port 443, so leave that open.
All other optional, unnecessary, and rarely used protocols and services like AppleTalk, Telnet, FTP, and SNMP can expose your network to potential attacks and therefore should be turned off.
If you’re not using any of the following network ports, you should disable them:
- Ports 515, 721-731, and 9100
- Internet Printing Protocol (IPP) on port 631
- The Server Message Block (SMB) protocol should also be disabled
Don’t know how to disable these ports? See your router’s user manual to find out how.
3. Use a firewall
This should go without saying, but you definitely need a secure and reliable firewall. If you’re a Windows user, your operating system already comes with a pre-installed firewall – simply make sure it’s enabled at all times. It will protect unused protocols that can allow hackers to remotely access your printer from outside the network.
If you want more advanced protection, however, you might have to buy a specialized firewall.
4. Update your printer firmware to the latest version
Printer manufacturers regularly fix known vulnerabilities in the firmware for the devices they produce, so make sure your printer always stays up-to-date security-wise. Closing any known security holes with the latest version of firmware will help you avoid most basic network printer issues.
Keeping your firmware up to date is even more important if you use a printer at home, as most business-class printing machines have additional security features that home printers lack.
If you’re as forgetful as we are, simply set up a recurring reminder to check for updates on your calendar app once every couple of months or so.
5. Change the default password to a strong passphrase
Most printers tend to be connected to wifi, which means they can be accessed remotely with a password. However, most printers also have default administrator usernames and passwords that hackers can easily look up and use in order to gain access.
If you haven’t changed your printer’s default password, do this immediately. You should find the option to do this in the utility settings of your printer. Instead of going with a password, consider creating a long, strong, and unique passphrase to make it a nightmare to brute-force.
Lastly, make sure printing always requires log on credentials – consult your printer’s manual to find out how.