Why Print Drivers Are Increasingly Becoming a Nightmare for Corporate IT
By Masha Kozinets | June 21, 2022
In July 2021, a report revealed that millions of computers dating back to 2005 contain a print driver that introduces a dangerous vulnerability, which cyberattackers could use to escalate system access privileges. This makes it possible for someone with no administrative access credentials to access restricted areas of a system and initiate an attack on a network and get access to sensitive data.
While the potential fallout of this vulnerability is huge, the discovery itself is not new. Print drivers have long been an attack vector for cybercriminals seeking to penetrate otherwise secure machines and networks. In addition, managing print drivers is time-consuming and cumbersome in hybrid and work-from-home environments, which leaves print driver security risks unmitigated.
By using a cloud-based print management solution, you can eliminate many of the challenges traditional print drivers present, as well as enjoy a convenient, straightforward experience—for both IT staff and employees.
Read more about overcoming the challenges presented by print drivers.
Here’s why and how print drivers introduce vulnerabilities, the problems inherent in a traditional print infrastructure, and how a cloud print management solution creates a more productive, secure work environment.
The Traditional Print Environment Explained
In a traditional print environment, computers connect directly to the printer—through a network using an IP connection. When users connect via the network, they don’t have to physically connect their computer to the printer. Similar to other network-enabled connections, the printer and the computer are connected via Internet Protocol (IP). This enables the print job to go straight to the printer.
In addition, employees can install new drivers on their own computers, if this is something they’re allowed or able to do. Also, if all computers that connect to the network run the same operating system, a network admin can update all of the print drivers at the same time.
But this setup has disadvantages, too:
- Admins and end-users spend considerable time installing drivers
- When several people try to print at the same time, the system can get clogged up by all the traffic, resulting in the printer running out of buffer memory and not being able to print new jobs
- It introduces vulnerabilities that allow hackers to escalate privileges. They then use these privileges to execute other attacks or access sensitive digital assets on your network
Traditional Print Driver Management’s Impact on Productivity
In addition to introducing security vulnerabilities, traditional print driver management can also significantly reduce productivity. IT admins are responsible for installing and updating print drivers across your organization. An install happens for various reasons, including:
- Updates to improve functionality
- Updates to address security vulnerabilities
- Power outages that can damage the existing driver
Once an admin identifies the need for a new driver installation or update, they have to figure out which method to use, whether the update should be done on other machines as well, and how to fit this task into an already busy schedule. Installing and updating is not only time-consuming, but it can also pull IT staff away from other business-critical tasks.
Traditional Print Driver Management with a Remote or Hybrid Workforce
With more and more organizations incorporating remote or hybrid work options, it’s crucial to maintain an infrastructure that’s flexible and agile. Traditional print driver management is often incongruent with a remote or hybrid work ecosystem. It may not be feasible for admins to arrange and execute remote installs or initiate the videoconferences or Remote Desktop Protocol (RDP) connections necessary for remote users to start printing. This negatively impacts your organization’s security posture. For example, it can allow printers that aren’t updated to the latest certified driver to be a part of your network, making the network insecure.
With a cloud print infrastructure, not only can users connect to the printing system and submit their jobs easily and quickly, but if an update is required, the cloud print management provider takes care of it. This can free up enormous amounts of time for IT, which they can invest in other important projects.
The Potential Vulnerabilities Print Drivers Introduce to Your Security Architecture
Print drivers consist of software that enables your computer to communicate with a printer. They make sure the printer is available to perform the job, that there’s a link between your computer and the printer, and that the job gets sent directly to the printer you’re trying to use.
You may remember when people had to install drivers for USB devices. Similar to print drivers, these made it possible for your computer to interact with the external USB device. But in addition to simply forming a link, the print driver enables the computer to exercise control over the printer.
Printer drivers are useful for giving users a wide range of printing options. However, print drivers also introduce multiple security risks, such as basic default credentials, printing without permissions to unsecured printers, unauthorized configuration changes, and unauthorized data access and recovery.
If hackers exploit these vulnerabilities, they could install applications and create new user accounts, as well as access, change, delete, or encrypt data.
How Print Drivers Introduce Vulnerabilities
On Windows machines, in particular, vendor-provided drivers increase the chance of a vulnerability making it into your network. Because of the way the Windows system handles driver deployment, admins must implement print drivers as a shared resource using common protocols. IT teams may find it difficult to choose print drivers with adequate security measures, providing bad actors with a path to propagate their malicious payload across the network.
For instance, commonly used protocols, such as the Simple Network Management Protocol (SNMP), can be subject to man-in-the-middle attacks. During this kind of attack, a hacker transmits a large number of SNMP queries using a fake IP address to the printer, which the printer replies to. This paves the way for the hacker to take control of the printer. Once they have the control, they can manipulate print job schedules so they can physically steal sensitive documents later.
However, a far more dangerous vulnerability exists on printers with the ability to email scanned documents to users. An attacker can use the printer’s emailing capabilities to launch phishing attacks. These may be even more effective than typical spam-based phishing emails because they could look like they came from a trusted device: your printer.
In this kind of attack, the bad actor can leverage the control they gain over the printer via the SNMP protocol to send an email—one that looks like it came from the printer—to someone in your organization. The email could contain a link that downloads malware onto their computer or lead them to a site where they’re asked to enter sensitive login credentials. Because it seems like the message is sent by the printer, the victim may be caught off guard.
On the other hand, with cloud-based printing, you don’t have to depend on manufacturer-provided drivers or a network admin properly setting up all communication protocols for your organization to be able to print securely. You get secure, reliable printing at the get-go because print drivers and print driver management are no longer part of the equation.
Reducing Print Driver Vulnerabilities with a Cloud Printing Infrastructure
With a cloud printing infrastructure, you can reduce the possibility of printer vulnerabilities, such as PrintNightmare or lesser-known bugs like CVE-2021-3438, impacting your system. In general, this is how cloud-based printing works:
- An admin installs an agent on each computer and device employees use for printing, which makes it possible for each device to print
- An application on the network enables computers connected to it to access the cloud
- The client agent on the computer or device buffers the job, storing it until it’s ready to go to the printer or uploading it to the cloud so it can be printed later
This process makes it possible for the document to be printed either from the cloud or directly from the user’s computer.
As a result, you eliminate the on-premises driver “middleman,” effectively removing a prime target for attackers. Cloud print infrastructure is more secure because the print data and information contained in documents gets sent directly to the cloud service using end-to-end encryption. Even if a hacker intercepts the data stream, they wouldn’t be able to read sensitive documents without the decryption key. In addition, you can configure your cloud-based printing solution to only print documents if a specific user is physically present at the printer. This prevents passersby or information thieves from getting their eyes on sensitive information.
Secure Cloud-Based Printing with Pharos Cloud
A cloud-based print solution such as Pharos Cloud manages the entire print infrastructure. It uses a universal print driver that is compatible with thousands of different printers. In this way, you have one single driver that can control multiple printers from different manufacturers. This comes with key advantages:
- Security: Because Pharos Cloud handles driver management, users or IT don’t have to find the drivers to install on their devices, which could otherwise introduce a vulnerability.
- Convenience:Instead of IT having to install drivers on multiple computers every time there’s an update, Pharos Cloud eliminates the need to install drivers across your environment.
- Increased productivity: Network admins don’t have to spend time manually installing new drivers and updates, freeing them up to work on more pressing projects.
- Easy print provisioning for remote employees: With a cloud-based solution, it’s fast and easy to add new users because there’s no need to physically be in front of their computer or device. Your IT team can handle print management remotely.
To learn more about how your organization can benefit from cloud-based printing, request a demo of Pharos Cloud today.