When it comes to cyber security, don’t overlook your printer

A white hat hacker recently exploited security vulnerabilities to gain illicit access to more than 150,000 networked printers. While his actions were intended to help his “victims,” what if he were looking to steal data or inflict damage? This blog helps you understand the security risks your printers pose – and how you can prevent them.

It’s happened again. According to a recent article in ITPRO, a hacker was able to gain access to more than 150,000 networked printers. Even worse, it sounds like the effort was fairly easy. In this case, the hacker, who went by “Stackoverflowin,” executed a program to search the internet to find printers that were online but didn’t have basic security controls enabled.

That was all it took, and once he was in, he had access to his victims’ most sensitive information, including recently printed documents, confidential data and even employee passwords. A wide array of printers were affected – everything from commercial printers, home-based printers, and even restaurant receipt printers – from many different manufacturers.

Fortunately, this “hacker” was actually a white hat actor (someone who uses cyber skills to improve security before malicious actors can get in) who utilized this breach as a way to warn the affected companies. Once he discovered a printer, he forced it to print a message to alert employees that their printer had been hacked. A condensed version of these printouts read, “… your printer is part of a flaming botnet … for the love of God, please close this port.” He even included a Twitter thread where users could learn more about this vulnerability and other security issues.


Printers present more security risk than you may think

It doesn’t take much information to realize just how bad this breach could have been if Stackoverflowin was a black hat hacker intent on doing as much damage as possible. It also reinforces the point that today’s printers and MFPs come with the same networking and communications capabilities that we normally associate with computers and network devices.

Why is this true? Just think how these devices are being used today. Most employees utilize them as document capture solutions, perfect for scanning documents and delivering them to centralized repositories, their own desktops, or even to contacts via email.

This means that they now come with advanced communications capabilities. For example, MFPs can send alerts when toner is low or a device is in need or repair. They can even upgrade themselves on the fly using software patches via the network. More, they also include hard drives, embedded firmware, network connections – just like a PC.


Close the printer security gap

So if MFPs are essentially computers, they are also subject to the same security risks, which is even more proof that they need effective security controls in place at all times.

But what are the best security controls?

Secure print management technology is one answer. The right print management solutions offer powerful functionality such as pull printing or “follow-you” printing to provide an added layer of security in the document environment by holding print jobs until they are released at the MFP. In other words, print jobs are not sent to specific printers or MFPs, but instead are sent to a secure server that could reside on-premise or in the cloud.

Print management solutions can also deliver a number of other capabilities to help organizations secure printers and MFPs. Examples of these include user authentication, access restrictions, network activity auditing, rules-based printing, and more. All of this helps reduce errors, automatically mitigate the risk of non-compliance, and avoid the fines, reputation damage and other costs associated with security breaches.

To learn how you can increase security related to your printers and MFPs, we invite you to download the Nuance whitepaper, “Security Made Easy,” now.

Download our printer security whitepaper

To learn more, please download the Nuance whitepaper, “Security Made Easy.” You’ll see how document capture, workflow and print can significantly reduce the risks – and consequences – associated with cyber attacks today.


Tags: , ,

Jeff Segarra

About Jeff Segarra

Jeff Segarra is the Senior Director of Product Marketing for the Nuance Document Imaging Division. He is responsible for the global team that delivers industry product positioning, messaging and content to help our customers around the world identify how Nuance solutions can meet their needs. He enjoys speaking and writing about business process improvement, The Internet of Things, document security, document conversion technologies and personal productivity. He has an MBA from Iona College, Hagan School of Business and has been working with software technology for 20 years. Jeff is an original New Yorker and, therefore, a staunch Yankees fan – in the heart of Red Sox nation.