UPDATED 17:04 EST / SEPTEMBER 12 2023


Beware of insecure networked printers

Despite promises of a paperless office that have origins in the 1970s, the printer is still very much a security problem in the modern office.

And even if Microsoft Corp. succeeds in its efforts to eradicate the universe of third-party printer drivers from its various Windows products, the printer will still be the bane of security professionals for years to come. The problem is that the attack surface for printer-related activities is a rich one, with numerous soft targets.

Back in 2020, there was a problem with the Windows print spooler called PrintDemon that compromised many networks. Then in 2021 there was the case of the PrintNightmare exploits that required warnings and patches from Microsoft, only to come back to haunt us in 2022 with new print spooler problems discovered by Kaspersky.

And these are just the most recent examples. Printer insecurities have been around almost since the PC was invented, and certainly many of the problems stem from legacy code that hasn’t changed much since then, which makes it so attractive to hackers.

The problem with printers got a boost with the first round of network print servers in the early 1990s when Hewlett-Packard Co. invented the first network printer server called JetDirect. This took the form of an internal circuit card that came in both Token Ring (remember those?) and Ethernet network versions.

These cards fit inside the early monochrome LaserJet printers, and since the cost of the printer was around $2,500 then, there was some motivation to share them. Prior to JetDirect, HP had been selling the first desktop laser printers for several years and this was the first time that any of them could be easily connected to a network.

Soon hackers would come to love the JetDirect card, as Adrian Crenshaw documented in a post from 2003. That paper shows some quaint compromises, such as sending funny or profane messages to the printer’s LCD screen and other tricks. These were all easy to do, since many of the early networked printers came without any administrative password required by default. This might be the beginning of the internet of things insecurity era.

Also adding to printer insecurity was the rise of web servers as the go-to management interface for just about everything across a business network. Soon it would be hard to find a networked printer that didn’t come with its own web server to let the information technology department know when it ran low on supplies and to keep track of page counts. It certainly made it easier for hackers to reach out and mess with them, especially when IT took its sweet time in upgrading its firmware to squash security bugs.

My colleague Deb Radcliff was writing about these issues for Computerworld back in 2007. She actually used one of the printer exploits as a plot point in her 2022 cyber-infused novel “Breaking Backbones,” when one of the characters connects to a remote network through an unprotected printer.

It also didn’t help matters that security tools ignored printer log files when analyzing these problems. It took HP until around 2015 to come out with ultra-secure printers that protect against BIOS tampering and have other controls, such as built-in intrusion detection. Of course, what HP considers ultra-secure may still not be good enough.

But blaming the networked printer itself is really just a sideshow. The real trouble lies with the printer drivers that are included with each endpoint operating system. In mid-2021, Sentinel Labs found millions of printers were vulnerable due to bugs in HP, Samsung and Xerox printer drivers. The bug dated back to a problem created in 2005. They reported the issue to HP and it was eventually fixed a few months later.

The researchers said the problem could be found in nearly 400 different printer models sold over the years. One of the exploit’s curious characteristics is that the driver could be partially loaded and still compromise the endpoint PC, which made it a potential go-to resource for hackers.

But today’s IT environment has also created a new issue, namely working from home. An insecure printer could easily become connected to a corporate network when it uses a virtual private network connection. That means corporate networks should be tracking those remote printers and examining their logs for any unusual behavior.

This brings us back to my reference to the paperless office. Back in the late 1970s, I was working for a Washington, D.C., consultancy and we got a tour of a firm by that name located in the Watergate office complex. Its gimmick was microfiche, because at the time the best digital storage we had was floppy disks that held all of 360,000 bytes of data. (The Post did a feature on it, which is amusing to read in the light of the present day.)

Alas, microfiche was no challenge for the printed piece of paper, and we seem to be stuck with printers for the time being.

