Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/24/2020
11:00 AM
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Printers' Cybersecurity Threats Too Often Ignored

Remote workforce heightens the need to protect printing systems against intrusion and compromise.

Working remotely was growing more common even before the coronavirus pandemic accelerated the trend. As workers increasingly settle into their home offices, they still need access to company networks and office hardware — particularly printers. In fact, the pandemic led to a spike in the sale of home office printers, according to Deloitte.

This scenario poses a challenge for IT personnel who are working to secure increasingly decentralized networks in today's hybrid work reality. More specifically, it highlights the challenge of protecting traditionally unforeseen targets — printers — against intrusion and compromise. That's of increasing importance: According to Quocirca's 2019 "Global Print Security" report, 59% of businesses in the UK, US, and Europe have experienced a print-related breach in the past year.

Related Content:

More Printers Could Mean Security Problems for Home-Bound Workers

The Changing Face of Threat Intelligence

New on The Edge: ISP Security: Do We Expect Too Much?

IT decision makers are waking up to this reality — 83% of respondents to another Quocirca survey say their IT departments are at least somewhat concerned about the security of information printed on home printers. But whether in an office, at home, or anywhere else, the risks go beyond device and document security. The rise of the Internet of Things (IoT) means today's printers can contain several potential entry points to networks and sensitive data — a threat for which large enterprises and small businesses operating remotely must prepare for.

The Nature of Printer Attacks
Previous generations of printers were equipped with read-only memory, making them less vulnerable to hacking or reprogramming. But modern printers have entire operating systems and writable memory, not to mention the convenience of downloadable apps and online firmware updates. These improvements make blending our physical and digital lives easier and more accessible than ever. They also create potential access points where hackers can insert malicious code to gain access to a network and its sensitive data.

Printing systems can experience straightforward interruption-of-service attacks as hackers exploit old firmware versions to take over and halt the operation of a device. But they can also be subjected to more sophisticated exploitation, such as man-in-the-middle attacks that expose sensitive confidential data. Hackers can also leverage exposed Internet Printing Protocol (IPP) ports to gain access to the network. According to ZDNet, 80,000 printers — nearly an eighth of all IPP-capable printers — are exposing their IPP ports online on a daily basis. That's a profound issue for the countless enterprises around the world transforming at an astounding pace right now.

Making Printing Safer
Printer vulnerability doesn't have to be inevitable. In fact, there are multiple ways to help secure printing systems against malicious interference by third parties: 

  1. Supply chain security: By creating a fully secure supply chain from start to finish, manufacturers can reduce the opportunities for malicious code or third-party elements to be installed in the system before the printer even goes online. Customer verification, digital tracking, and tamper-proof, multilayer packaging all play a part in minimizing vulnerabilities.

  2. Hardware security: Printers can be designed with internal resources to enhance security, including multiple layers of protection that help detect and remediate attacks. Firmware plays a key role in this part of security architecture, making it essential to protect the firmware's original code from tampering within the supply chain.

  3. Secure cartridges: Chips with built-in security and proprietary firmware can help protect against third-party interference at the point where information is transferred from the chip to the printer. Smart-card technology plays a key role in protecting against this vulnerability, helping resist tampering and hacking and reducing the risk of backdoor attacks. A maliciously programmed chip, on the other hand, could stop a printer from working or even create new vulnerabilities.

  4. Proactive testing and improvements: Any firmware is only as good as its code. Manufacturers must proactively test the security of their printers and cartridges to ensure they can withstand malicious attacks. Bug bounty programs are one way to do this; for example, HP is collaborating with Bugcrowd to hire professional ethical hackers to help uncover potential risks in printers and cartridges for an end-to-end security testing approach.

  5. Firmware upgrades: Printers, like most other IoT devices, should always deploy the most current firmware updates. Firmware updates not only deliver the latest features and functionalities, but they also fix bugs and provide protection against the latest cybersecurity vulnerabilities. 

Awareness Is Key
The cybersecurity landscape is immense, and it's far too easy to ignore the critical role printers play in an organization's or an individual's security. Recognizing that risk and making it a priority is the first step in managing and mitigating these threats. IT personnel are becoming increasingly aware of this issue, but it is essential to take steps now to mitigate these risks given that the rise in home offices and decentralized workforces is increasing the potential for malicious interference.

Make no mistake: IT departments are engaged in an arms race against ever more complicated external attacks. Manufacturers need to build cyber-resilient devices and solutions that can protect, detect, and recover from these attacks.

Shivaun Albright is HP's Chief Technologist of Print Security who is responsible for the company's enterprise print technical security strategy. She has over 10 years of cybersecurity experience and four years of experience as standards committee chair, in which she oversees ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22847
PUBLISHED: 2021-01-22
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
CVE-2021-22849
PUBLISHED: 2021-01-22
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...