Printing is perhaps rarely discussed in a cyber context. Still, while the prevalence of connected printers and multi-function printers (MFPs) enhances convenience and productivity, it also poses technological and physical security risks. Businesses need to ensure a print security strategy is in place, covering everything from managing and securing paper in digital processes to connecting the devices themselves. As printers evolved and their feature sets expanded, it became commonplace to encounter printing devices in the workplace connected to the internet, to sensitive networks, or both.
Printer devices are commonly overlooked within the scope of security audits as they are often not perceived as complex computers. In addition, many printers are prone to crashing when scanned. Thus the risk of disruption typically leads to only a cursory review being conducted even when these devices are within the scope of an assessment. This approach may give the impression that printers do not pose a risk to an organization, creating a false sense of security. Year on year, we see security research presented that identifies severe vulnerabilities and gaping holes in the protection of these systems. Before looking at how we can reduce the risk printers and printing may pose to an organization, we must look at the common risks:
- A compromised, internet-connected printer could provide an entry point to an attacker into internal networks.
- A compromised network-connected printer could allow an attacker to persist within a network, most likely unnoticed.
- A compromised printer may divulge sensitive data to an attacker, such as the documents being printed.
- Printed documents may be sensitive and stolen if not physically secured or destroyed.
- A physically and technically insecure printer may allow malicious software updates to be installed, for example, via exposed USB ports.
While non-exhaustive, these are critical risks a potentially vulnerable printer or printing process could present to an organization. A secure print strategy should consider points that reduce the risks noted above and the threat posed by those using the printer and managing the printed documents.
Considering the above risks, there are several ways in which mitigation can reduce the possibility of successful attacks.
Inventory and monitoring
Security monitoring and inventory is the first step to understanding the baseline security posture of printers within an organization. It is crucial to know what firmware version is in use, whether a default configuration (and thus default password) is set up or whether any anomalies are present.
Ensure the printer’s firmware is up to date and the configuration hardened
While you cannot protect against unknown vulnerabilities, organizations can reduce the risk of being exploited by ensuring a set configuration and the most up-to-date firmware are in use. In order of priority, organizations should ensure:
- Authentication is enabled with a unique, strong, and non-default password.
- The device’s firmware is the most recent and regularly updated.
- Any unnecessary services and features are disabled.
- Document caching settings are disabled where possible.
- Features such as sending documents via email, or uploading to sharing portals are appropriately restricted to only allow sending to trusted domains and authorized providers.
These steps can help prevent attacks such as credential theft if a device has credentials stored. For example, previous incidents have seen LDAP credentials extracted by coercing the printer to authenticate to rogue, attacker-controlled devices.
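The inventory step and the prioritized hardening checklist above can be combined into a simple audit, shown here as an added example that is not part of the original article. The inventory fields, model names, firmware baselines, and policy sets are all constructed assumptions.

```python
# Added example: inventory fields, baselines and policy sets are constructed assumptions.
BASELINE_FIRMWARE = {"model-a": (4, 2, 1), "model-b": (2, 0, 0)}  # hypothetical baselines
ALLOWED_SERVICES = {"ipps", "https"}      # assumed site policy
TRUSTED_MAIL_DOMAINS = {"example.com"}    # assumed scan-to-email allow-list

INVENTORY = [  # constructed sample records
    {"name": "prn-floor1", "model": "model-a", "firmware": "4.1.9",
     "auth_enabled": True, "default_password": True, "caching_enabled": True,
     "services": {"ipps", "https", "telnet", "ftp"},
     "mail_domains": {"example.com", "mail.example.net"}},
    {"name": "prn-floor2", "model": "model-b", "firmware": "2.0.3",
     "auth_enabled": True, "default_password": False, "caching_enabled": False,
     "services": {"ipps", "https"}, "mail_domains": {"example.com"}},
    {"name": "prn-lobby", "model": "model-c", "firmware": "1.0.0",
     "auth_enabled": False, "default_password": False, "caching_enabled": False,
     "services": {"ipps"}, "mail_domains": set()},
]

def parse_version(text):
    """Turn '4.1.9' into (4, 1, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def audit(printer):
    """Return (priority, finding) pairs in the checklist's order of priority."""
    findings = []
    if not printer["auth_enabled"] or printer["default_password"]:
        findings.append((1, "authentication disabled or default password in use"))
    baseline = BASELINE_FIRMWARE.get(printer["model"])
    if baseline is None:  # unknown model: the inventory itself has a gap
        findings.append((2, "model missing from firmware baseline"))
    elif parse_version(printer["firmware"]) < baseline:
        findings.append((2, "firmware %s is older than baseline" % printer["firmware"]))
    extra = sorted(printer["services"] - ALLOWED_SERVICES)
    if extra:
        findings.append((3, "unnecessary services enabled: " + ", ".join(extra)))
    if printer["caching_enabled"]:
        findings.append((4, "document caching enabled"))
    untrusted = sorted(printer["mail_domains"] - TRUSTED_MAIL_DOMAINS)
    if untrusted:
        findings.append((5, "scan-to-email allows untrusted domains: " + ", ".join(untrusted)))
    return findings

def report(inventory):
    """Audit every printer; devices with the highest-priority finding sort first."""
    results = {p["name"]: audit(p) for p in inventory}
    return dict(sorted(results.items(), key=lambda kv: kv[1][0][0] if kv[1] else 99))

if __name__ == "__main__":
    for name, findings in report(INVENTORY).items():
        print(name, findings or "compliant")
```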
Isolate your printers where possible
While it may not be practical to fully isolate your printers at the network level, care should be taken to ensure all printers can only access user workstations. In addition, printer management interfaces should only be accessible from designated management systems.
This helps prevent lateral movement to sensitive systems if a connected printer is compromised, and it keeps unauthorized users away from printer management interfaces.
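One way to check firewall allow rules against this isolation policy, as an added example that is not part of the original article. The subnets, the rule list, and the choice of ports 443 and 161 as management interfaces are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan and port set; all values are assumptions for illustration.
PRINTERS = ipaddress.ip_network("10.20.30.0/24")
WORKSTATIONS = ipaddress.ip_network("10.20.10.0/23")
MANAGEMENT = ipaddress.ip_network("10.20.99.0/28")
MGMT_PORTS = {443, 161}  # assumed management interfaces: web admin (HTTPS) and SNMP

# Constructed allow rules as (source, destination, destination port).
RULES = [
    ("10.20.10.0/23", "10.20.30.0/24", 631),  # workstations submit print jobs
    ("10.20.99.0/28", "10.20.30.0/24", 443),  # management hosts reach the admin UI
    ("10.20.30.0/24", "10.20.10.0/23", 445),  # printers deliver scans to workstations
    ("10.20.30.0/24", "10.20.50.0/24", 389),  # printers reach a server subnet
    ("10.20.0.0/16", "10.20.30.0/24", 443),   # broad rule that also covers printers
]

def violations(rules):
    """Return (rule index, reason) for every allow rule that breaks the isolation policy."""
    found = []
    for index, (src, dst, port) in enumerate(rules):
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Printers may only initiate traffic to workstations. overlaps() catches
        # broad sources that include the printer subnet without naming it.
        if src_net.overlaps(PRINTERS) and not dst_net.subnet_of(WORKSTATIONS):
            found.append((index, "printer-egress"))
        # Management ports on printers must only be reachable from management hosts.
        if (dst_net.overlaps(PRINTERS) and port in MGMT_PORTS
                and not src_net.subnet_of(MANAGEMENT)):
            found.append((index, "mgmt-exposure"))
    return found

if __name__ == "__main__":
    for index, reason in violations(RULES):
        print(reason, RULES[index])
```

The last rule is flagged twice because a /16 source silently includes the printer subnet, which is the kind of broad rule that undoes segmentation without ever mentioning printers.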
Regularly monitor your printer’s paper output and printing area
Regular review of the printer’s location should be conducted to ensure no sensitive documents are left unattended. Where possible, clearly labelled bins and shredding devices should be present close to the printing station, and employees should be encouraged to use them for the disposal of secure documents.
Implement secure pull/FollowMe printing
Secure pull and FollowMe printing are a means of ensuring documents are only released and printed once the authorized user has authenticated with the device. This is a safe way of ensuring printed copies don’t end up in the wrong hands before the user reaches the printer.
Ensure printers are included within the scope of penetration tests
Printers tend to be excluded from penetration test scopes, as they are either overlooked by the organization or considered fragile by the vendor. For example, security scanning can cause them to crash, and, as a result, they are often not robustly assessed.
Printers should be included within the scope of penetration tests with explicit checks for common misconfiguration and a plan of action in the case these devices are disrupted (such as testing outside of busy periods and having someone present to reboot the devices if required).
Educate users to ensure documents remain secure
Educating users is an integral part of security. Steps should be taken to ensure users of the printers understand data confidentiality, protective markings, and good practice around handling sensitive materials.
Ensure secure decommissioning takes place
Where supported, printer hard drives should be encrypted, and they should be securely wiped before the disposal of a device. This can help prevent data recovery efforts if a printer is stolen or obtained by a malicious individual.
Implementing these measures can significantly reduce the likelihood of successful attacks and help detect any potential attacks or points of entry before attackers exploit them.
Josh Foote is a cyber security expert at PA Consulting.