Printer Hacking: A Cautionary Tale

Think those network printers spread around your office cannot be targeted in the same way that your phone, or your computer, can be? Better think again. As the technologies that we surround ourselves with become more connectable, the opportunities to exploit those technologies increase.

In March of 2016, a well-known hacker (who will receive no additional credit here by the mention of his name), gained access to almost 29,000 printers located at college campuses across the US. He was then able to remotely print multiple copies of a racist and anti-Semitic flyer. Students and staff at some of the most prestigious and populous universities in America, and even some off-campus individuals not associated with the universities, reported finding the offensive flyers mysteriously appearing in the output trays of their printers and fax machines.

The hacker’s methods, however, are not so mysterious. In fact, he was able to accomplish this dubious stunt by relying on one, simple fact – that most network printers are never properly secured.

By using only two lines of code, he was able to scan the internet looking for unprotected printers that were connected to the web using an open port – the connection point between a device and the internet. He then created a file that contained a flyer advertising an extremely offensive website. The printers that he had gained access to were then remotely directed to print the file.

Sound easy? It was. In the murky and complex world of hacking, this was the golfing equivalent of a two-inch putt.

The hacker claimed that his motive was purely to spotlight the risks posed by our increasing tendency to connect devices to one another across the “Internet of Things (IoT)”. As noble as that may sound, it is fairly clear that he was not acting in the public’s best interest and was only out to create havoc and make a name for himself.

The hacker gained remote control of the printers because they were all connected to the Internet via open and unsecured connections. Older printers that still remain online might not always have the security options that are found on today’s printers. But even when they do, the question of how often those security options get used is a pertinent question.

After the authorities tracked him down, and after he was interviewed by various press outlets, he claimed to have identified more than a million similar, unsecured printers at locations which utilize publicly available network access (mainly college campuses).

The lesson to be learned by this example is that network printers, just like any other kind of device that includes network accessibility, are vulnerable to attack. And just like all those other devices, they don’t have to remain that way.

Almost all printers available today, even off-the-shelf consumer models, include some level of integrated security. The enterprise-level printers available from Capital Business Systems include some of the strongest security options available, especially when matched with our managed print services.

For more information on how Capital Business Systems can help manage and secure your printing environment, please contact us today.