It’s happened again. According to a recent article in ITPRO, a hacker was able to gain access to more than 150,000 networked printers. Even worse, it sounds like the effort was fairly easy. In this case, the hacker, who went by “Stackoverflowin,” executed a program to search the internet to find printers that were online but didn’t have basic security controls enabled.
That was all it took, and once he was in, he had access to his victims’ most sensitive information, including recently printed documents, confidential data and even employee passwords. A wide array of printers were affected – everything from commercial printers, home-based printers, and even restaurant receipt printers – from many different manufacturers.
Fortunately, this “hacker” was actually a white hat actor (someone who uses cyber skills to improve security before malicious actors can get in) who utilized this breach as a way to warn the affected companies. Once he discovered a printer, he forced it to print a message to alert employees that their printer had been hacked. A condensed version of these printouts read, “… your printer is part of a flaming botnet … for the love of God, please close this port.” He even included a Twitter thread where users could learn more about this vulnerability and other security issues.
Printers present more security risk than you may think
It doesn’t take much information to realize just how bad this breach could have been if Stackoverflowin was a black hat hacker intent on doing as much damage as possible. It also reinforces the point that today’s printers and MFPs come with the same networking and communications capabilities that we normally associate with computers and network devices.
Why is this true? Just think how these devices are being used today. Most employees utilize them as document capture solutions, perfect for scanning documents and delivering them to centralized repositories, their own desktops, or even to contacts via email.
This means that they now come with advanced communications capabilities. For example, MFPs can send alerts when toner is low or a device is in need or repair. They can even upgrade themselves on the fly using software patches via the network. More, they also include hard drives, embedded firmware, network connections – just like a PC.
Close the printer security gap
So if MFPs are essentially computers, they are also subject to the same security risks, which is even more proof that they need effective security controls in place at all times.
But what are the best security controls?
Secure print management technology is one answer. The right print management solutions offer powerful functionality such as pull printing or “follow-you” printing to provide an added layer of security in the document environment by holding print jobs until they are released at the MFP. In other words, print jobs are not sent to specific printers or MFPs, but instead are sent to a secure server that could reside on-premise or in the cloud.
Print management solutions can also deliver a number of other capabilities to help organizations secure printers and MFPs. Examples of these include user authentication, access restrictions, network activity auditing, rules-based printing, and more. All of this helps reduce errors, automatically mitigate the risk of non-compliance, and avoid the fines, reputation damage and other costs associated with security breaches.
To learn how you can increase security related to your printers and MFPs, we invite you to download the Nuance whitepaper, “Security Made Easy,” now.