7

I have booted up a brand new printer and, being curious, I checked out its web interface by typing its IP address in the URL. Poking around, I notice a few things.

  1. There is no password set for the administrator account. I can go to the tab and it will say "Administrator password : Not set" (explains why I can't find a login to admin button...)

  2. Overall weak configuration of protocols and such. I am not yet a master of all the basic protocols (but getting there, any sites you found useful would greatly be appreciated. I've been using Wikipedia) but clicking through all the settings for the protocols they were all configured without passwords and next to no security.

My question is the following:

If a company did this with their printer; rolled it in, powered it up and left it there, how dangerous would it be to the network it's connected to, if somebody found a way to exploit it? Also does the type of printer (MFP, Scanner, General printer) change how dangerous it is?

  • 4
    Depends if you believe HP. If you do, http://www8.hp.com/us/en/solutions/security/thewolf.html If you don't, http://malwarejake.blogspot.co.uk/2017/02/hp-printer-security-fud-highlights.html :-) – Matthew Feb 21 '17 at 16:27

3 Answers

4

Securing a printer with a password might not necessarily help at all. Some printers may be reset to factory defaults via SNMP over the network or SNMP commands embedded in print jobs. Some printers might even provide back doors (1, 2).

Some printers have universal computing capabilities (PostScript, Java) and services that can be accessed over the network. This may give rise to vulnerabilities that affect the network itself, e.g. cross-site printing, print job manipulation, or file system access. For an overview you might read Jens Müller, Vladislav Mladenov, Juraj Somorovsky, SoK: Exploiting Network Printers (3).

(1) http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0788
(2) http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4964
(3) https://www.nds.rub.de/research/publications/sok-exploiting-network-printers/

aventurin
1

The printers could be used as zombies like in Mitnick's Christmas Day Attack. In case of any attack, a device that is connected to a network, such as an MFP, scanner, or general printer, is a potential target because such devices have weak security configurations, although they have an IP address and communicate with a server.

Jedi
1

In short, printers are known to be highly vulnerable to exploitation, as others have said here.
It is safer to move your network-enabled printers into their own separate VLAN, and have firewall rules in place that permit only your print servers to communicate with the printers.
Additionally, any wireless functionality on the printer should be disabled where possible to prevent it from being exploited over the air.

Dave Lucre
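One way to check that the segmentation described in the answer above actually holds is to audit connection records against the policy (an added example, not part of the original answers). The addresses, the port allow-list, the flow-record format and the rule that printers never open connections are all assumptions made for illustration; a device that needs scan-to-email or similar would need an explicit exception.

```python
import ipaddress

# Assumed addressing and allow-list for illustration (not from the page).
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVERS = {ipaddress.ip_address("10.20.10.5")}
PRINT_PORTS = {515, 631, 9100}  # LPD, IPP, raw printing

# Constructed sample: one new connection per line, "initiator responder dst_port".
SAMPLE_FLOWS = """\
10.20.10.5 10.20.30.11 9100
10.20.40.77 10.20.30.11 80
10.20.10.5 10.20.30.12 161
10.20.30.11 10.20.40.9 445
10.20.30.11 10.20.30.12 9100
10.20.40.77 10.20.10.5 631
"""


def classify(src, dst, dport):
    """Return None if the connection fits the policy, else a reason string."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in PRINTER_VLAN and dst not in PRINTER_VLAN:
        return None  # does not touch the printer VLAN
    if src in PRINTER_VLAN:
        # Assumed policy: printers only answer, they never initiate.
        return "printer-initiated connection"
    if src not in PRINT_SERVERS:
        return "non-print-server reached a printer"
    if dport not in PRINT_PORTS:
        return "print server used a non-printing port"
    return None


def audit(flow_text):
    """Return (src, dst, port, reason) for every connection that breaks policy."""
    violations = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, dport = line.split()
        reason = classify(src, dst, int(dport))
        if reason:
            violations.append((src, dst, int(dport), reason))
    return violations


if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print(*violation)
```

Any hit in the first two categories means the firewall rules between VLANs are not doing what was intended; the third is a prompt to review whether management traffic such as SNMP should be allowed from the print server at all.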