Compared to bleeding-edge technologies such as artificial intelligence, machine learning and software-defined networking, multifunction devices, printers and fax machines are generally regarded as rather pedestrian pieces of business equipment. From an IT security perspective, such an outlook could be very dangerous. These devices pose a greater risk to network security than most organizations realize.
Today’s MFDs, printers and faxes are almost always networked, enabling connections from desktops, laptops, tablets, smartphones and cloud or other remote printing services. While this functionality streamlines work processes, it also opens the door to a variety of vulnerabilities.
In a 2017 survey of 200 companies, more than half reported data loss incidents linked to printers. Many involved digitally intercepted print jobs, data copied from printer hard drives, and documents faxed or emailed to external sources. There’s also the risk that malicious employees or visitors will simply steal printed materials left in the printer tray.
As organizations have improved security for a variety of endpoints, mobile devices and cloud platforms, hackers have begun creating very sophisticated exploits that specifically target MFDs, printers and fax machines. Earlier this year, for example, Check Point researchers discovered that hackers can use fax machines to spread malware and take over corporate networks. In the so-called “Faxploit,” hackers run arbitrary remote code on an MFD via the telephone lines it uses to fax. That code can then be used to deliver a secondary exploit and move laterally through the network.
In August, HP issued two firmware patches after finding that more than 100 of its printers had two critical vulnerabilities that would allow hackers to execute code remotely. The company’s security bulletin stated that a “maliciously crafted file” sent to an affected device could cause a stack or static buffer overflow, which could allow remote code execution.
In 2017, the security firm Armis described a set of nine exploitable Bluetooth vulnerabilities that hackers could use to take control of a variety of wireless devices, including printers and MFDs. The exploits, collectively known as BlueBorne, are particularly worrisome because they can penetrate “air-gapped” internal networks that have been disconnected from the Internet and any other network for protection.
There are several steps organizations can take to reduce their risk. First, check for available firmware updates and software patches and apply them immediately. This is especially important for Bluetooth-enabled devices. If no patch is available, disable Bluetooth if it isn’t being used. In fact, you should shut off any features or ports that your organization doesn’t require.
It’s a good idea to change the default administrator password, although your dealer or managed services provider will need the new password to perform maintenance. If possible, configure devices with hard disks to erase files after each print, scan, copy or fax job. You might also consider requiring users to enter a passcode or PIN to access spooled print or copy jobs.
Organizations should also consider using network segmentation to prevent hackers from moving freely across the network. When an unauthorized user infiltrates a network, the right network segmentation policies will dramatically reduce the exposure of sensitive data and mission-critical business systems.
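One way to check the advice above (shut off ports you don't require, segment the network) against a firewall rule set, as an added example that is not part of the original article. The subnets, ports, rule format and the function names `decide`, `narrower` and `audit` are all assumptions made for illustration.

```python
import ipaddress as ip

# Constructed sample data: every subnet, port and rule below is an assumption.
PRINTER_NET = ip.ip_network("10.20.30.0/24")
SENSITIVE = {"finance": ip.ip_network("10.50.0.0/24"),
             "servers": ip.ip_network("10.60.0.0/24")}
PRINT_PORTS = {631, 9100}  # IPP and raw printing: the only services users need

# Ordered rules, first match wins: (action, source, destination, port or None=any)
RULES = [
    ("allow", "10.10.0.0/16", "10.20.30.0/24", 9100),
    ("allow", "10.10.0.0/16", "10.20.30.0/24", 631),
    ("allow", "10.10.0.0/16", "10.20.30.0/24", 23),   # leftover Telnet management
    ("allow", "10.20.30.0/24", "10.60.0.0/24", 445),  # printers to file servers
    ("deny",  "10.20.30.0/24", "10.50.0.0/24", None),
    ("allow", "10.20.30.0/24", "10.50.0.0/24", 443),  # shadowed by the deny above
    ("deny",  "0.0.0.0/0", "0.0.0.0/0", None),
]

def decide(rules, src, dst, port):
    """First-match evaluation of one flow; default deny if nothing matches."""
    for action, s, d, p in rules:
        if (ip.ip_address(src) in ip.ip_network(s)
                and ip.ip_address(dst) in ip.ip_network(d) and p in (None, port)):
            return action
    return "deny"

def narrower(a, b):
    """Return the smaller of two overlapping networks, or None if disjoint."""
    return (a if a.prefixlen >= b.prefixlen else b) if a.overlaps(b) else None

def audit(rules):
    """Flag allow rules that are effective (not shadowed) and weaken segmentation."""
    findings = []
    for action, s, d, p in (r for r in rules if r[0] == "allow"):
        src, dst, port = ip.ip_network(s), ip.ip_network(d), p or 1
        def live(a, b):  # probe one representative flow through the full rule set
            return decide(rules, str(a[0]), str(b[0]), port) == "allow"
        to_printer = narrower(dst, PRINTER_NET)
        if to_printer and p not in PRINT_PORTS and live(src, to_printer):
            findings.append(("non-print port open to printers", s, p))
        from_printer = narrower(src, PRINTER_NET)
        for name, net in SENSITIVE.items():
            target = narrower(dst, net)
            if from_printer and target and live(from_printer, target):
                findings.append(("printers can reach sensitive net", name, p))
    return findings

print(audit(RULES))
```

The shadowed HTTPS rule is not reported because the earlier deny already blocks that flow; only rules that actually pass traffic show up as findings.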
Networked MFDs, printers and faxes may not be the most noticeable pieces of technology in the modern workplace, but they are essential for maintaining efficient workflows. Although most people tend to think of them as isolated, low-tech tools, they have become attractive targets for hackers looking for easy entry into the corporate network. Access controls and other security measures are a must for closing potential security gaps.