Printing is perhaps rarely discussed in a cyber context. As printers evolved and their feature sets expanded, it became commonplace to encounter printing devices connected to the internet, sensitive networks, or both in the workplace. While the prevalence of connected and multi-function printers (MFPs) enhances convenience and productivity, it also poses technological and physical security risks. Businesses must have a print security strategy that covers everything from managing and securing paper in digital processes to connecting the devices.
Printer devices are commonly overlooked within security audits as they are often not perceived as complex computers. In addition, many printers are prone to crashing when scanned. The risk of disruption therefore typically leads to only a cursory review being conducted, even when these devices are within the scope of an assessment. This approach may give the impression that printers do not pose a risk to an organization, which is a false sense of security. Security research identifies severe vulnerabilities and gaps in protecting these systems year after year. Before looking at how we can reduce the risk that printers and printing may pose to an organization, we must look at the common risks:
- A compromised, internet-connected printer could provide an entry point to an attacker into internal networks.
- A compromised network-connected printer could allow an attacker to persist within a network, most likely unnoticed.
- A compromised printer may divulge sensitive data to an attacker, such as the documents being printed.
- Printed documents may be sensitive and stolen if not physically secured or destroyed.
- A physically and technically insecure printer may allow malicious software updates to be installed, for example, via exposed USB ports.
While non-exhaustive, these are critical risks a potentially vulnerable printer or printing process could present to an organization. A secure print strategy should consider points that reduce the risks noted above and the threat posed by those using the printer and managing the printed documents.
Considering the above risks, there are several ways in which mitigation can reduce the possibility of successful attacks.
Inventory and monitoring
Security monitoring and inventory is the first step to understanding the baseline security posture of printers within an organization. It is crucial to know what firmware version is in use, whether a default configuration (and thus default password) is set up, or whether any anomalies are present.
Ensure the printer’s firmware is up to date and the configuration hardened
While you cannot protect against unknown vulnerabilities, organizations can reduce the risk of exploitation by ensuring a set, hardened configuration and the most up-to-date firmware are in use. In order of priority, organizations should ensure:
- Authentication is enabled with a unique, strong, and non-default password.
- The device’s firmware is the most recent and regularly updated.
- Any unnecessary services and features are disabled.
- Document caching settings are disabled where possible.
- Features such as sending documents via email or uploading to sharing portals are appropriately restricted to only allow sending to trusted domains and authorized providers.
These steps can help prevent attacks such as credential theft where a device has credentials stored; for example, previous incidents have seen LDAP credentials extracted by coercing the printer to authenticate with rogue, attacker-controlled devices.
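The inventory baseline and the prioritized hardening checklist above can be checked together in one pass. The following is an added example, not code from the article: the record fields, printer names, version numbers and allowlists are all constructed assumptions, and a real inventory would be populated from the organization's own asset data.

```python
# Added example: audit a printer inventory against the hardening checklist.
# Records, field names and allowlists below are constructed assumptions.

TRUSTED_SEND_DOMAINS = {"example.com"}   # assumption: the organization's own domain
ALLOWED_SERVICES = {"ipp", "https"}      # assumption: services the organization needs

INVENTORY = [  # constructed sample inventory
    {"name": "prn-floor1", "firmware": "4.2.1", "latest": "4.2.1",
     "auth_enabled": True, "default_password": False,
     "services": ["ipp", "https"], "document_caching": False,
     "send_to_domains": ["example.com"]},
    {"name": "prn-lobby", "firmware": "3.9.0", "latest": "4.2.1",
     "auth_enabled": True, "default_password": True,
     "services": ["ipp", "https", "telnet", "ftp"], "document_caching": True,
     "send_to_domains": ["example.com", "freemail.example"]},
]

def version_tuple(version):
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def audit(printer):
    """Return findings for one printer, in the checklist's priority order."""
    findings = []
    if not printer["auth_enabled"] or printer["default_password"]:
        findings.append("authentication missing or default password in use")
    if version_tuple(printer["firmware"]) < version_tuple(printer["latest"]):
        findings.append(f"firmware {printer['firmware']} behind {printer['latest']}")
    extra = sorted(set(printer["services"]) - ALLOWED_SERVICES)
    if extra:
        findings.append("unnecessary services enabled: " + ", ".join(extra))
    if printer["document_caching"]:
        findings.append("document caching enabled")
    untrusted = sorted(set(printer["send_to_domains"]) - TRUSTED_SEND_DOMAINS)
    if untrusted:
        findings.append("untrusted send-to domains: " + ", ".join(untrusted))
    return findings

def audit_inventory(inventory):
    """Map printer name to its findings, keeping only printers that have any."""
    report = {p["name"]: audit(p) for p in inventory}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit_inventory(INVENTORY).items():
        for finding in found:
            print(f"{name}: {finding}")
```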
Isolate your printers where possible.
While it may not be practical to fully isolate your printers at the network level, care should be taken to ensure all printers can only access user workstations and that printer management interfaces can only be accessed from management-designated systems.
This helps prevent lateral movement to sensitive systems if a connected printer is compromised and prevents unauthorized users from accessing printer management interfaces.
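Whether the isolation rules actually hold can be verified against observed network flows. The following is an added example, not code from the article: the subnets, the set of management ports and the flow records are constructed assumptions standing in for a real firewall or NetFlow export.

```python
# Added example: check observed flows against the printer isolation policy.
# Subnets, ports and flow records below are constructed assumptions.
import ipaddress

PRINTERS = ipaddress.ip_network("10.20.30.0/24")      # assumed printer VLAN
WORKSTATIONS = ipaddress.ip_network("10.20.0.0/20")   # assumed user workstations
MGMT_HOSTS = ipaddress.ip_network("10.99.0.0/28")     # assumed management systems
MGMT_PORTS = {22, 23, 80, 161, 443}                   # assumed admin interface ports

FLOWS = [  # constructed (source, destination, destination port) records
    ("10.20.1.15", "10.20.30.7", 9100),   # workstation prints: allowed
    ("10.99.0.3", "10.20.30.7", 443),     # management host to admin UI: allowed
    ("10.20.1.15", "10.20.30.7", 443),    # workstation to admin UI: violation
    ("10.20.30.7", "10.50.1.10", 389),    # printer to a server over LDAP: violation
    ("10.20.30.7", "203.0.113.5", 443),   # printer to the internet: violation
    ("10.20.30.7", "10.20.1.15", 445),    # printer to workstation: allowed
]

def check_flow(src, dst, dport):
    """Return the reason a flow breaks the isolation policy, or None if it complies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Rule 1: printers may only initiate connections to user workstations.
    if s in PRINTERS and d not in WORKSTATIONS:
        return "printer reached a non-workstation host"
    # Rule 2: management interfaces are reachable only from management systems.
    if d in PRINTERS and dport in MGMT_PORTS and s not in MGMT_HOSTS:
        return "management interface accessed from non-management host"
    return None

def violations(flows):
    """Return (src, dst, dport, reason) for every flow that breaks the policy."""
    result = []
    for src, dst, dport in flows:
        reason = check_flow(src, dst, dport)
        if reason:
            result.append((src, dst, dport, reason))
    return result

if __name__ == "__main__":
    for src, dst, dport, reason in violations(FLOWS):
        print(f"{src} -> {dst}:{dport}  {reason}")
```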
Regularly monitor your printer’s paper output and printing area
The printer’s location should be reviewed periodically to ensure no sensitive documents are left unattended. Where possible, clearly labeled bins and shredding devices should be present close to the printing station, and employees should be encouraged to use them to dispose of secure documents.
Implement secure pull/FollowMe printing.
Secure pull and FollowMe printing ensure documents are only released and printed once the authorized user has authenticated with the device. This is a safe way of ensuring printed copies don’t end up in the wrong hands before the user reaches the printer.
Ensure printers are included within the scope of penetration tests
Printers tend to be excluded from penetration test scopes, as they are either overlooked by the organization or considered fragile by the vendor. Security scanning can cause them to crash, for example, so they are often not robustly assessed.
Printers should be included within the scope of penetration tests with explicit checks for common misconfiguration and a plan of action if these devices are disrupted (such as testing outside of busy periods and having someone present to reboot the devices if required).
Educate users to ensure documents remain secure.
Educating users is an integral part of security. Steps should be taken to ensure users of the printers understand data confidentiality, protective markings, and good practice around handling sensitive materials.
Ensure secure decommissioning takes place.
Printer hard drives should be encrypted where supported and securely wiped before the disposal of a device. This can help prevent data recovery efforts if a malicious individual steals or obtains a printer.
Implementing these measures can significantly reduce the likelihood of successful attacks and help detect any potential attacks or points of entry before attackers exploit them.
Josh Foote is a cyber security expert at PA Consulting.