I am looking at these instructions which suggest basically giving the wireless printer your network password to configure it. I don't know enough about security or networks to know the implications of it and wanted to know if there are any potential security risks in doing this. It seems more secure to give it the network password so it can use the network, rather than directly connecting it via ethernet to the router. I don't think just by giving it the network password it could do anything, but perhaps it opens up the possibility of broadcasting that network password to a centralized place on the internet, which allows others to connect into the network remotely haha. I don't know, just trying to learn more about security with each new device I'm exploring. This and its links to other articles was helpful.
1 Answers
Giving the printer the password for the WiFi (which I assume you mean with "network password") is similar to connecting the printer directly with ethernet to the router: it allows the printer to be part of the network.
The main difference is that bugs in the printer might make it possible for an attacker to extract and misuse your WiFi password even if the attacker itself is not already connected to your network, for example using your browser as a trampoline within a DNS rebinding attack. This can of course not happen if you connect the printer directly with ethernet and don't provide it with the WiFi password since something which is not known to the printer in the first place cannot be extracted from it.
Another advantage of direct ethernet connectivity vs WiFi is that you usually have one potential layer of problems less to debug in case of connectivity problems to the printer. Thus, if the printer is near the router anyway it is better to use an ethernet cable to connect these instead of relying on the more flaky WiFi.
- 184,332
- 29
- 363
- 424
-
Wondering where I can find more info on the security implications of "it allows the printer to be part of the network", or if you could shed some more light on that part. For example, if it could then broadcast this password out, or if it could intercept all router traffic, or anything like that. – Lance Dec 30 '18 at 07:39
-
1@LancePollard: see [How dangerous is an unsecured printer to a network?](https://security.stackexchange.com/questions/151880/how-dangerous-is-an-unsecured-printer-to-a-network), [Attacking an office printer?](https://security.stackexchange.com/questions/23691/attacking-an-office-printer) or [Google: risk of networked printer](https://www.google.com/search?q=+risk+of+networked+printer). – Steffen Ullrich Dec 30 '18 at 09:27
-
Excellent stuff, thanks. So basically, never connect the printer to the network. – Lance Dec 30 '18 at 15:57
-
https://www.quora.com/What-can-hackers-do-with-a-wifi-password – Lance Dec 30 '18 at 16:04