All it takes is one forgotten dust-gathering printer for cyber thieves to get in.
Five years ago, when I had just joined Cybernews, we released what I thought was a hilarious experiment regarding printers. Back then, our team of security researchers hijacked thousands of printers simply to raise awareness of printer security issues.
“This printer has been hacked. Here’s how to secure it.”
This message was printed on 27,944 printers out of the 50,000 devices that we targeted.
In those five years, many have learned the importance of securing every Internet of Things (IoT) device. However, printer security remains a big headache to this day.
I wonder what the results would be like now, five years after the experiment. Printers, as well as other IoT devices, including the most unexpected ones like thermostats, remain a headache for security teams. If not properly secured, they could become a malicious hacker's way into your organization.
A new report by HP Wolf Security, Securing the Print Estate: A Proactive Lifecycle Approach to Cyber Resilience, says that IT teams often fail to update printers on time, struggle to detect and mitigate threats, and can’t always tell whether the printer was tampered with.
“Printers are no longer just harmless office fixtures – they’re smart, connected devices storing sensitive data,” warns Steve Inch, Global Senior Print Security Strategist at HP Inc.
He added that printers create long-term vulnerabilities. If threat actors manage to hack a printer, they can steal confidential information and use it for extortion or sale.
“The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network,” Inch said.
According to the report, based on a global study of 800+ IT and security decision-makers (ITSDMs), only one-third of IT teams apply firmware updates promptly, leaving organizations exposed to hacking.
What's more, IT teams often don’t bother to validate security claims by the manufacturer, and can’t even tell if the printer has been tampered with in the factory or in transit.
Printers turn out to be a much bigger headache than you’d think they might be. IT specialists are not fully convinced that printers can be fully and safely wiped. The resale of printers becomes nearly impossible as some IT teams insist they need to be fully destroyed to protect corporate data.
Printers, while an additional risk, can also be perfectly safe to use. Here’s a few tips on how to protect your data:
- Apply firmware updates immediately after their release
- Require security certificates from the manufacturer, and vet their claims
- Deploy printers with continuous monitoring for zero-day threats and malware.
- Make sure your printer can be and is isolated from the network as much as possible.
- Check if the printer you are looking to buy has built-in erasure feature so you could recycle it later.
As with anything you buy, some research needs to be done. Printers cannot only be hacked to spread malware and steal data, but in some cases, they even come with built-in malware. In a shocking case recently covered by Cybernews, the printer manufacturing company was accused of spreading malware designed to drain cryptocurrency accounts.
Your email address will not be published. Required fields are markedmarked