I often hear from customers “Who would want to hack into my printer”?
We’ve done such a good job securing our Servers, PCs, and routers that hackers who are trying to get into your network every day and they are looking for easy ways to get a foothold. HP did a great short Video on Youtube with Christian Slater called “The Wolf”: https://www.youtube.com/watch?v=U3QXMMV-Srs
HP has really pushed the “copier industry” on Security. HP says that they have “the most secure MFD”. They even put out a $10,000.00 bounty if someone could hack into their MFD. That’s Ballsy! I love that! But we still haven’t fully answered the question Why would anyone want top hack into my printer? Here comes the answer, are you ready?
Hacking your printer isn’t about the printer! There are two things a hacker gets when they successfully take control of your Printer.
1. They get access to your documents!
2. They get a foothold in your network, behind your firewall.
I know of a town here in New England that got their MFDs hacked. And from that the Hackers were able to take down four of their Servers. Remember it’s not about the printer.
Think about the documents that pass through your printer. Are they encrypted? Probably Not. A Man in the middle attack would copy all of your print jobs to the hacker before sending them on through to your printer and you would not even notice. Maybe you’d notice that it is taking a little longer to get your prints. But not long enough for you to suspect a hacker. Hackers don’t announce themselves. They often go undetected for months.
Did you know that there is a wiki site dedicated to show hackers how to hack your printers? Or how about this web site that shows the “Default Password” of your printers or MFDs? Does your printer or MFD still use the default password? If it does you are making it too easy for a hacker to take control of your Printers and MFDs.
NECS has a Professional Services offering to Harden your Printers & MFDs. HP makes it easy with Sure Start, Inspection Detection, white listing, and runtime intrusion. These are the big four! But there is more that you can do to harden your HPs!
I know an Security Manager at a regional hospital that walks around with his phone looking for Printers that are broadcasting Wi-Fi. When he finds one, and he often finds one, he shuts off Wi-Fi! Why? Using the Funtenna software this hacker turned a Printer into a broadcast radio and listen in on a network connected phone. The Printer hacked the phone??? How did they hack the printer? By embedding the malware into a Resume that maybe an IT manager or HR person printed. Holy Cow???? As one law firm that I presented this information to, said “You have me sufficiently freeked out, now what do I do about it”?
The answer is you take Printer / MFD security as serious as you do your PCs. And why not a Modern MFD has more in common with a PC that it does with your Father’s Copier. It has a hard drive, an OS, Ram Memory, even a Keyboard and a touch screen instead of a mouse. It also has Apps, lots of Apps that can be loaded on this Smart MFD to extend and enhance its capabilities.
This is an end point, a node on your network. And as such it deserves, no demands your attention on its security. The Security Manager from that same hospital said to me. We know our printers are not secure. They fail the security audit every time we have it, BUT we have other more pressing matters that always take precedence over securing the Printers and MFDs. That’s when we can help! Farm the work out to a professional who has been trained by both HP and Canon on Security, Printer security.
Do you know that Most security Scans avoid the Printers and MFDs. Do you know why? They consider them fragile devices. Nessus or even Nmap if not set correctly can knock a printer right off the network. I have seen Nmap cause a check printer to start printing garbage on random checks until it ran out of paper. There are ways of scanning a printer \ MFD without causing a disruption (generally speaking). But even if you choose not to scan to see what ports are open \ listening you can still decide to harden your printers and MFDs.
You could set up one Canon (For Instance) and make that the Master image and clone the other Canons from it. But you better change the default password or someone else could easily turn on what you have turned off for security reasons. NECS can also set your Canon MFD to update firmware automatically. We can install HP’s Smart Device Services (SDS) and schedule the update of all your HP Printers & MFDs at off hours (1 – 4 AM).
HP also offers Jet Advantage Security Manager or JASM that can apply and enforce YOUR Secure Policy on every HP. There is even a way to set it up so new printers will reach out to HP’s JASM to get YOUR security policy as soon as they come online. Like I said HP is leading the pack in enhanced Security for Printers & MFDs, or as they like to call them A3s and A4s.
Is your copier dealer talking to you about security? Or do they just want to know what speed you want your new “copier” to be? A modern MFD needs a modern Dealer who can support you in all your endeavors, and that includes Security!
That’s my $0.02
Vince McHugh
Vince.mchugh@necsoffice.com
PS: You are never going to make your devices completely secure, security is a moving target. But that doesn’t mean you should do nothing to harden them. It’s like the two guys who see a bear and the one guy puts on his running shoes. The other guy says you can’t outrun a bear. He says I know, all I have to do is out run you. 😊 Security is like that. Make your devices less attractive to hackers so the go somewhere else.