Despite being a significant risk, even in organizations that deal with sensitive data such as personal health information (HIPAA) and credit card data (PCI), printer security is often overlooked. After all, printers are usually easy to configure and tend to keep working until some mechanical failure takes place. This risk is a particular problem with high-end multifunction devices that can perform functions, such as scanning documents to a user’s home directory or e-mail inbox, as many of them have hard drives that can store sensitive data far longer than most users expect. This risk, at least, is being addressed by organizations that have a mature information security program by requiring that storage media be destroyed or left with the organization at the end of the device’s life. Unfortunately, there are other risks that aren’t well-known and often don’t get addressed.
Potential Problem Areas
In my time working as a penetration tester (or if you prefer, “Ethical Hacker”), I have seen, on multiple occasions, printers being used as a way to gain access to other systems. The most common way that this happens is when IT staff configure a multifunction device with a set of credentials, usually for Lightweight Directory Access Protocol (LDAP), so that it can communicate with file and print services such as Windows Active Directory. Unfortunately, the same IT employees often leave the printer with a default or easily guessable password that allows a hacker such as myself to access and manipulate its configuration. In some cases, the device software itself may have vulnerabilities that allow us in, even if a strong password was used. Once we have access to the printer, we can often manipulate it so that we can reveal the username and password it was using to compromise other systems. Without going into details, I have even seen it possible to add a printer “back door” simply by sending a malicious software update to it without authentication.
To address these and other risks, HP has upped its game when it comes to printer security through its new HP Enterprise Secure Printer line. For one thing, they have enabled printer hard drive encryption as a default on many of its printers. In addition, the manufacturer has included Trusted Platform Module (TPM) hardware to ensure that BIOS and firmware updates are cryptographically “signed” by HP so that hackers cannot upload a malicious update. HP also added some checks that attempt to verify that the executable software running on the printer’s operating system has not been tampered with, and which will initiate a shutdown or restart if tampering is detected. All of these features together make it much harder for an attacker to succeed in an attack. Hackers value their time and tend to target systems that are easy to exploit, and often move on to easier targets when challenged.
Don’t Default on Security
Although all of these new security features are excellent, it is still important for the organization to take steps to secure them. The most secure options possible may not be the default settings. Most importantly, setting strong passwords for privileged configuration screens is essential. A close second would be disabling any unnecessary features, such as Printer Job Language (PJL) functionality, that are not strictly needed for your environment. HP maintains several guides on how to configure printer security that cover far more settings than can be discussed here, and I strongly recommend you review them to ensure you’re doing all you can to secure your printers.