0

Ok, I fully admit this might be in the realm of paranoia, but hey, isn't that sort of the name of this game? :)

I'm staying in a hotel room and needed to buy a small, cheap laser printer for some printouts I need to do. After shopping far and wide, I decided the Pantum P2502W fit the bill perfectly: tiny footprint and more. But then the <paranoid|reasonably cautious> side of me started thinking: this is a Chinese company through and through. Sure, HP, Canon, and the like probably manufacture in China, but they're not Chinese companies at their core.

Anyway, perhaps this is all nuts. Perhaps a lowly printer literally can't do anything. But maybe it can (installing stuff - oh man, the drivers, I just realized - or maybe saving info I'm sending to print, etc.). I'm no expert in this, so I wanted to check here.

There were also several (progressively less secure) layers of using it I wasn't sure about:

  1. Simplest was going to be straight USB connection.
  2. They also allow you to connect to it as a wireless hotspot to print (as opposed to it connecting to a local network for all devices to print). I guess at that point it has no internet connection so no worries?
  3. There is some mobile app you can get to allow you to print from a mobile device. I assumed this was the least secure.

Well, I appreciate everyone's help. Perhaps this is nothing; perhaps I'm correct and I should return it for a more established non-Chinese brand.

  • Quite honestly at this point it would be guessing if the drivers would be malicious or not based on the provided information. – Jeroen Nov 09 '20 at 07:33
  • Everything is made in China. Big printer brands included. – Overmind Nov 09 '20 at 08:12
  • Why do you think Chinese products are less secure? What is your question exactly? – Sjoerd Nov 09 '20 at 14:53
  • The risks of buying a Chinese printer are more or less the same as buying any other printer. –  Nov 13 '20 at 10:11

2 Answers

1

There are all sorts of possibilities. Yes, your printer can have a call-back mechanism, with a 5G GSM SIM. Yes, your drivers can send a copy of everything you print to the Chinese authorities via the Internet.

Is this likely? No. I would say: the cheaper the printer, the less likely.

Anyway, if you want to be absolutely sure that nothing like this is even possible, you will want a printer of a different category. One that is evaluated under the Common Criteria (https://www.commoncriteriaportal.org/products/ for a list). Be sure to read the evaluation criteria too.

Most cheap printers will be compatible with some standard and may not even need proprietary printer drivers.

And is your data really such that your prints may not ever be seen by anybody? Do you really carry a P-7 shredder with you too?

Ljm Dullaart
0

The question you have to ask yourself is whether China is likely to risk exposing an exploit in order to spy on you specifically. If they incorporate malware into a consumer-grade device, it will eventually be discovered if it’s active for all users, and they will have blown their chance to use it for something important.

Mike Scott
  • That depends on the sophistication of the malware. If your printer already has a reason to connect to the internet (and *many* printers do), it could ferry some data back to the manufacturer's server during "standard" communication with the manufacturer. A printer that allowed print subscription services (most don't) would even be able to justify sending "metrics" to the server about what was being printed after every print job. If such behavior is hidden in read-only firmware, it will be very hard to detect. – Brian Nov 13 '20 at 14:23