How to Secure Your Wireless Printer Against Hackers

wireless printers protect from hackers

No doubt most of us think how horrible it would be if someone hacked into our computers or mobile phones, but what about wireless printers that process sensitive information every day? Unfortunately, hackers could exploit such devices' vulnerabilities not only to steal documents they print, but also to obtain passwords, hijack targeted machines, and so on. The weaknesses and methods that could allow these scenarios to happen were researched by Jens Müller, Vladislav Mladenov, Juraj Somorovsky, and Jörg Schwenk, who introduced their findings in a paper called SoK: Exploiting Network Printers. Further, in the blog post, we will discuss the attack methods listed on it as well as talk about how to secure wireless printers against hackers.

How can hackers exploit wireless printers?

According to the mentioned research paper, there are at least four different ways (Denial-of-Service, protection bypass, print job manipulations, and the information disclosure attack), hackers could attack such devices. To test them on the chosen 20 printer models, the researchers designed an open-source tool called Printer Exploitation Toolkit. What they have found is all of the tested models were vulnerable to at least one of the four different attacks.

Denial-of-Service (DoS)

Just as DoS attacks are used to make targeted web pages unavailable to their visitors they are also used to keep the wireless printers busy and make their user unable to print anything. According to the mentioned research paper, there are three scenarios of how cybercriminals could initiate DoS attacks on printers. Firstly, the attacker could disable printing function via USB that he would attach to the device himself. Then he could send a lot of requests to print to block the machine's transmission channel (port 9100) and destroy the device's Non-Volatile Random-Access Memory which should store its long-term settings. The third way is to keep the printer's Raster Image Processor busy by making it print a file with a specific PostScript (one of the most popular printing languages) command, and so creating an infinite loop.

Protection Bypass

During such attacks, the hackers try to find a way around the device's protection mechanisms. Wireless printers can have restricted access to them, but according to the mentioned research paper, it can be easily bypassed if the attacker can get near the device and reset it to factory settings while pressing a particular key combination. Of course, being near the targeted machine could be impossible, although it may not stop hackers as again they could use PostScript commands embedded to documents to do the reset for them. Besides, cybercriminals could bypass the device's protection by exploiting its backdoors. It seems some printers may have backdoors that could allow the attacker to perform administrator level actions remotely.

Print Job Manipulations

It is when hackers try to infect targeted machines with malware to gain the ability to modify print jobs. Researchers claim this method could be used to prank someone, but it could also be used to do serious harm to a targeted organization or business. For example, the attacker could use the 9100 port to access the machine and make the documents it prints contain misspellings.

Information Disclosure

The last attack method is used when trying to access the wireless device's memory/file system or to obtain printed documents and credentials. If the hacker manages to access the machine's memory, it could use specific PostScript commands to dump the memory of the attacked device and as a result get information like passwords or printed documents. As for obtaining passwords, it appears that it is possible to crack them offline with specific PostScript commands.

Nonetheless, the researchers say the most practical method and the biggest threat to wireless printers' safety yet could be advanced cross-site printing attacks. During these attacks, cybercriminals create websites with malicious JavaScript commands that later get processed by the victims' browsers if they get lured into such sites. The downside of this method was it allowed the hacker to send malicious commands to the device, but he could not obtain printed documents or other information. Unfortunately, the specialists claim there are now ways to make these attacks more advanced, and consequently, cross-site printing could be used to steal sensitive information too.

How to secure wireless printers against hackers?

Knowing how to protect a wireless printer from attackers is useful both to organizations printing documents with sensitive information and for users who could use their devices to print medical insurance forms, documents for tax refunds, files containing banking information, and so on.

There are a few ways to secure wireless printers against hackers. Probably, the most obvious one is not to connect it to a network, but use a USB cable whenever you need something to print instead. The drawback is this way you could not enjoy your device to the fullest, especially if you specifically wanted it to be wireless. A more practical solution would be to encrypt data before it is sent to the printer. This way the files forwarded via network could still be obtained. However, the hackers would be unable to read them. There are even printers that have an encryption function or comes with internal drive encryption. What's more, even though it might not guarantee the machine will be more resistant to attacks, it is still recommendable to update the printer's firmware and drivers whenever it is possible. Lastly, it would be advisable to enable password or PIN requirement if possible, just make sure you replace the combination with your own rather than leaving passcodes that came with the device.

Perhaps, not everybody prints sensitive data which is why the security of such devices may not seem too important. Sadly, in reality, the machine's vulnerabilities could result in compromising the network it is connected to, and this could create various opportunities for hackers. Thus, if you worry about your data security and use wireless printers, it is something to think about.

As the researchers behind the discussed paper say, there is yet too little information on printer security risks or ways to deal with them, but hopefully this blog post will contribute to spreading awareness of how dangerous it could be leaving your wireless printer unsecured.

By Foley
September 24, 2018
How To
English
September 24, 2018
How To

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

5 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Password Security

Does the Scottrade Secure Login Really Protect My Account and Money?

What is Scottrade? Scottrade used to be a discount brokerage company, which operated both in physical branches and online. Scottrade was bought by TD Ameritrade and Toronto-Dominion Bank last year. The firm gained... Read more

June 21, 2018
Password Security, Tips

How to Create a Secure Password for Your PayPal Account

PayPal is one of the most widely used and secure payment platforms online. With it, paying bills, purchasing goods from eBay sellers and even sending money to friends or family becomes as easy as clicking a few... Read more

September 18, 2018
Password Security

When Can a Password Be Considered Secure?

1990's spy movies might have you believe that cracking a password involves a nimble-fingered person sitting in front of a computer, trying out different combinations until the green "Access Granted" message appears.... Read more

May 10, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.