The Fundamentals of Printer Security
By Team Pharos | January 9, 2023
In many organizations, printers are unmonitored endpoints, making them a prime target — both for hackers and government officials aiming to boost cybersecurity. The president of the United States, Joe Biden, issued an executive order in January 2022 that stipulates a need for stronger endpoint detection services for government networks. Like other endpoints, hackers can use printers to infiltrate networks.
For example, in a gray hat hack, the cybersecurity team of CyberNews broke into 27,944 printers worldwide. Once inside, they forced each printer to print out a guide on making printing more secure. The top of the document reads, “This printer has been hacked. Here’s how to secure it.” A few elements of the “attack” are particularly sobering.
First, the hackers were able to penetrate 56% of the printers they targeted, which speaks volumes about the number of unsecured printers spread throughout the world’s offices. The attackers chose to limit the scope of their operation. Even though they could gain access to other features and sensitive data stored on the printers, they decided not to. A malicious attacker might not be so gracious. Here’s a straightforward breakdown of the security concerns posed by printers, why it’s essential to take them seriously, and how to make your print infrastructure more secure.
Security Concerns for Printers
As the CyberNews hack makes it all too clear, printers can provide an entry point into internal networks. Organizations that go to great lengths to train employees to avoid phishing attacks and credential theft may still be caught off guard by a printer hack.
The threat is particularly acute because a successful printer hack can allow attackers to persist unnoticed for months or longer. While they’re in your system, they may be able to see printed documents.
This is great news — for hackers. Suppose an attacker has gained access to one or more printers in your corporate office, and they can read the documents that are being printed. Anything that gets sent for printing, customer and employee data, company secrets, financial information, and more, is in full sight. And because the hackers can stay in the system for an extended period, they can simply wait until high-value pieces of information get sent for printing. Once that happens, they can use what they find to extort your organization, commit fraud or theft, or peddle it to someone else on the dark web.
Do You Need to Worry About Printer Security?
For these reasons, printer security should be a top priority for every organization. Not only are printers attractive targets due to the information that flows through them, but hacking them is relatively easy.
For example, Shodan, a search engine that finds internet of things (IoT) devices, is just a click away. The CyberNews team used this tool to identify vulnerable printers. The hackers only have to look for IP addresses with open ports and then confirm that they are, indeed, printers. While attackers may not specifically target your organization, they can use a search engine like Shodan to execute a query that could give them access to your printers.
The Dangers Posed by Remote Work Environments
Remote work has further increased the attack surface, specifically because it has presented more remote connections. Each employee that connects from home, therefore, may introduce a vulnerability. For example, remote workers may:
- Print out sensitive work documents on home printers that haven’t been secured against attackers who could use tactics like the CyberNews hack to view them
- Store sensitive documents in their printers’ queues, which can also be accessed by hackers
- Travel to internet cafes or hotel business centers and print out sensitive documents to unsecured printers
Even industrious, trusted employees can make these kinds of mistakes. These oversights can expose your organization to attacks that would be much harder to execute in an in-office environment.
How Do You Make Cloud Print Solutions Secure?
In many ways, the answer is simple. After all, cloud printing is already more secure than an on-premise solution because it eliminates core vulnerabilities that come with a traditional print environment. But similar to a traditional environment, your first steps are to assess risk and use best practices.
Assessing your risks is the first step in securing your print infrastructure because it gives you a more complete view of your attack surface. For example, you can ask questions such as:
- How many remote employees connect to our network, and are they allowed to print at home?
- What kinds of sensitive documents does our organization print?
- Which departments tend to print documents that could attract hackers?
- What security tools do we use to safeguard our print system?
Deploy Best Practices
Best practices that encourage a more secure print environment include:
- Making sure employees safeguard any usernames and passwords they use to access your print system
- Using multi-factor authentication for everyone who can print
- Training employees about the ways hackers may try to access your print infrastructure and the kinds of information they may be after
- Using a secure release system that ensures the person printing a document is present at the printer when it comes out
With a cloud print solution, it’s easier to address your risks and deploy best practices because it enables you to:
Eliminate Print Server Vulnerabilities
A cloud printing solution eliminates some vulnerabilities associated with an on-premise print server — such as malware spreading through your computers via an on-prem print server — because print management is orchestrated in a secure cloud environment. Also, some organizations may forget to update their print servers regularly. This can leave them vulnerable to hackers. According to a document produced by hackers for the Black Hat USA conference, hackers can execute denial-of-service, protection bypass, print job manipulation, and information disclosure attacks once inside your print server.
Implement End-to-End Encryption
With a cloud print infrastructure complete with end-to-end encryption, all sent data is encrypted. Without a decryption key, an attacker wouldn’t be able to read the information being sent. In this way, you help secure sensitive data in documents. Even if a hacker were to intercept something sent for printing, they would only get a jumbled hodge-podge of characters.
Perhaps a remote employee needs to send a printing job from a coffee shop to the office. With an encrypted cloud printing solution, they could do so without worrying about a hacker stealing it. A malicious actor using a man-in-the-middle attack wouldn’t be able to read the data they stole.
Zero-trust architecture presumes that every user, device, and network is a threat—and they remain so until they prove otherwise. With a cloud printing solution, you can ensure that people aren’t allowed to access your system unless they can provide multiple proofs of identity, including physical devices, biometric data, and things they know, such as passwords. You can also use a cloud printing environment to limit the devices allowed to send print jobs. Taking these steps can considerably shrink your attack surface.
Protect Sensitive Documents with Authenticated Print Release
Protecting sensitive documents is essential because it can protect:
- Proprietary information that gets printed out
- Employee identification data they or the HR department prints out
- Data protected by government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR)
- Customer, patient, or student information sent to printers
Far too often, these kinds of documents end up in the wrong place at the wrong time — and in front of the wrong eyes. They are frequently left in printer output trays or piled on top of equipment or tables in offices without secure printing, where anyone can see them. This is both wasteful and risky.
But by using an authenticated print release system, you can keep the info in these documents safe. This secure printing procedure ensures that only authorized users have access to your printers, safeguarding the privacy of your important data.
How Authenticated Print Release Works
When you require authentication to release print jobs, you make it so an authorized user, such as the person who sent the job, must be physically present at the printer before the document gets printed.
For instance, if someone from HR had to print a document that contained an employee’s social security number, they could use secure release to ensure it stays in the print queue until they’re in front of the printer.
The HR employee can bring a mobile device and scan a QR code attached to the printer. After the system authenticates the user, their document is immediately released from a secure queue.
To ensure document security or to simply finish crucial business activities, you can even submit print jobs from home, arranging for document release when a trustworthy colleague is present at the network device to collect it.
How Pharos Creates a Secure Printing Environment
With Pharos, you get a cloud printing solution that enhances both security and convenience. You can choose whether you want to send print jobs to the cloud or directly to the printer using IPPS or IPP protocols.
Pharos Secure Release print jobs can be saved in the cloud or on-premises. The Secure Release system can ensure an authorized user is at the printer to receive the document. Leveraging industry standards, Pharos Cloud also secures data with end-to-end encryption and encrypts any print jobs that are at rest but pending release to a secured printer.
To make it easier to implement a zero-trust policy, Pharos Cloud also verifies the identity of a user before enabling them to print by requiring an identity token and additional authentication if needed. By combining these features, you can create a more secure print infrastructure with Pharos.