Study cites multi-function printers as some of the most dangerous members of the IoT family

Print has taken a back seat to digital communications in the past decade but many environments still rely on printing to support key processes. Multifunction printers (MFPs) are prevalent in both the private and public sectors even today. They are well established in the IoT ecosystem as critical network endpoints, but this also makes them a security hazard.

Even behind a firewall, MFPs can act like a front door to the network, creating the potential for compromising corporate or customer data, according to a research paper by Quocirca, a company specializing in the impact of information technology and communications (ITC).

The firm surveyed 250 enterprises in the UK, France, Germany and the US in December 2018, alongside major printer vendors like Brother, Canon and HP. Some 66% of respondents considered print infrastructure a top risk, trailing only public cloud services, cited by 69%.

The paper outlines some of the scenarios where MFPs – which offer advanced network-centric features – can pose a grave cybersecurity danger to users. For example, the device may be used as a network ingress point if poorly secured (i.e. outdated firmware, compromised credentials, etc.), or if the printer is shared between multiple users or departments. As IoT devices, MFPs can be (and have been) recruited to botnets, which are then used to perpetrate distributed-denial-of-service (DDOS) and other attacks. Other risks are outlined in the diagram below.

 

Various scenarios can be envisioned through these points of compromise:

  • confidential or sensitive information exfiltrated by an unauthorized party
  • latent data recovered from the printer’s on-board storage after end-of-life
  • alter and reroute print jobs, open saved copies of documents, or reset the printer to its factory defaults
  • attack print devices to intercept or download copies of scanned-in documents, emails and user access credentials
  • printing queue can be paused and files copied, and the queue restarted
  • obtain confidential information, or place malware on the device
  • remote hacking via open network ports
  • interception of unencrypted data sent to the printer

Researchers therefore caution that print security needs to become a strategic board-level issue, moving beyond the domain of the IT manager to the C-suite. From the paper:

“The continued high level of print-related data breaches demonstrates that businesses need to do more to protect their devices, network and data. An organisation’s information security strategy can only be as strong as its weakest link. The expanding IoT security threat landscape means that the challenge of print security is moving beyond protecting the printed page. As IoT devices, smart MFPs are susceptible to the growing threat of DDoS attacks as well as providing an open gateway to the corporate network.”

Quocirca advise administrators to treat print security as a fundamental element of their broader security strategy. The team says print security should start with procurement. In that respect, admins should evaluate devices designed with security in mind – i.e. intrusion detection, white-listing and syslog data collection with links to established SIEM tools.

Add Comment

Your email address will not be published. Required fields are marked *