Securing the Office Printer in Six Steps
Never overlook the importance of securing the office printer. How easy is it for server intrusion to occur this way? Christian Slater makes it look effortless.
Slater stars in the new HP printer security campaign, and it is the most dramatic thing to happen to an office peripheral since the fax machine scene from Office Space.
Playing The Wolf, Slater steals company data through the printer in a multi-part commercial series created by HP Studios.
Awareness about hackable office printers needs more Hollywood clout to resonate with customers; that’s what HP marketing head Vikrant Batra told Marketing Week about this new campaign. Slater played a hacker role in the Amazon Prime series Mr. Robot, so he’s suitable for raising awareness about cyber attacks.
How much of an issue is office printer hacking?
A wireless printer that connects to an unencrypted and unsecured on a Wi-Fi network is an easy target. Some consumer-level Wi-Fi printers ship with the Wi-Fi connection open by default, and if a company overlooks this it can be a method for outsiders to steal any data sent to it.
In Singapore, cybersecurity researchers strapped a smartphone on a drone, and programmed it to detect open Wi-Fi printers in office towers. It looks remarkably easy to compromise the network through a printer.
Hacking a network printer from the web
In 2013, HP reported and issued patches for networked printers with a vulnerability that showed how a remote hacker could see the admin password as a simple hex representation. The hack also exposed the Wi-Fi password of the network. The issue was tied to hackers revealing hidden URLs embedded in printer firmware; all other hackers needed was the IP address of the printer to become a Man in the Middle (MIM) threat.
Here’s the list of affected printers reported by HP in 2013. Source
Six Steps to Securing the Office Printer
- Assume that network printers are not secure out of the box. Many have default administrator usernames and passwords that must be changed. This is easily configured in the utility settings of a new printer.
- Always make sure to use the latest firmware for any printer. That is how manufacturers fix known vulnerabilities. Out-of-support printers are the most vulnerable because manufacturers stop updating firmware.
- A Wi-Fi printer should only be accessible from a WPA2 encrypted access point. Make users log on to print wirelessly. Using a consumer-level Wi-Fi printer out of the box is never advisable.
- Business-class network printers have vendor-specific software for monitoring compliance. This helps if you manage a larger network with dozens, or hundreds, of network printers. HP JetAdvantage Security Manager, Brother Device Management & Security, and Lexmark Markvision are examples.
- A reliable firewall or UTM guards against MIM printer hacks from outside the network. Configure the network settings so the printer responds only to commands from specified ports on a network switch or router. IPPS protocol is the standard for secure (SSL port 443) printing on new printers. Make sure to turn off unused or unnecessary protocols that allow remote access to your printer.
- Printers store a document’s data after they print it. You can configure a printer to purge its memory, or disable printer memory altogether. If you want to keep printer memory enabled, set up encryption using the printer utility or firewall settings.
Using a network Wi-Fi printer out of the box is never advisable. New business-class printers make configuring security features a straightforward process. Turn off any unnecessary protocols for access when securing the office printer; you never know when Christian Slater might be lurking around.