An article in MIT’s Technology Review explored printer security concerns, a topic of discussion at the annual ShmooCon hacker convention, held January 28– 30 in Washington, DC. At the convention, security experts delivered two presentations examining how hackers can use a company’s networked printer or MFP to exploit a company’s network and gain access to sensitive information or even use printers and MFPs as cyber storage. With the rise of inexpensive Web-connected printers from HP and Lexmark, the security of printing devices is an issue that now affects customers ranging from home users to large enterprises.
A presentation called, “Printer to PWND: Leveraging Multifunction Printers During Penetration Testing,” focused on a new tool called Praeda. (PWND means compromised or controlled). Praeda was developed by so-called “penetration testers,” who attempt to hack in to a company’s network under controlled circumstances to look for potential security issues. According to the presenters, “In this presentation, we go beyond the common printer issues and focus on harvesting data from multifunction printer (MFP) that can be leveraged to gain access to other core network systems.” The Praeda software looks for common security flaws and configuration issues (e.g., default passwords) to access printers from outside a corporate network. After the network is compromised, Praeda can capture usernames, email addresses, and authentication information including SMB, email, and LDAP passwords. The developers of the tool say they can then leverage this information to gain administrative access into email servers, file servers, and Active directory domains.
Another presentation, called “Printers Gone Wild!” focused on weaknesses of HP’s Printer Job Language (PJL), which is supported in certain HP printers. PJL functions above PCL and other print languages for switching printer language between print jobs, job separation, printer configuration, and reading back status from the printer to the host computer. The penetration tester says that PJL can be exploited for “printer information gathering, control panel lockout, disk lockout, file uploads, file downloads, and mass LCD changing.” Alarmingly, the tester found HP printers could be used as “a large storage receptacle for data ex-filtration, covert storage, and browser exploitation tactics.”
While the industry has long been aware of security issues related to shared copiers and MFPs in offices, with vendors constantly updating their lines with various security improvements, today’s networked, Web-connected printers for homes and small offices/home offices (SOHO) present hackers with a new, less secure opportunity. The MIT Technology Review article quotes one tester who warns “even the printers you have at your house, these multifunction printers, have an ability to do a lot over the Web. They don’t integrate as much, but they can do remote printing and remote scanning.” Indeed, when HP announced ePrint, one of the first concerns among industry analysts was security and spam protection. HP has implemented security features with ePrint such a s a locked mode to specify what email addresses are allowed to send print jobs to a printer.
Security has becomes a growing concern among consumers and businesses of all sizes, as hackers are always looking for potential weaknesses that can be exploited. Because today’s printer and MFPs have so much more functionality than a device did 10 or 15 years ago, they are now actively targeted by hackers. Thwarting these attacks is one area in which companies that market advanced copiers and MFPs (e.g., Canon, Konica Minolta, Ricoh, Xerox) and that therefore have more experience in security standards will have an advantage over firms that have traditionally marketed only printer-based products. Still, the onus is on all hardware vendors to improve security as clever hackers continually find more weaknesses to exploit.