Security researchers from CyberNews warned that cybercriminals could take advantage of unsecured internet-connected printers to control corporate networks and access sensitive information like device names, locations, device models, firmware versions, IPP (Internet Printing Protocol) port, and Wi-Fi SSIDs. In a bid to make users aware of the potential cyberthreats associated with connected printers, the CyberNews security team hacked over 27,944 vulnerable printers globally and forced them to print a document.
The Experiment
The researchers found more than 800,000 unsecured printers online by using Internet of Things (IoT) search engines based on the printer location, manufacturer, and protocols used to access the printers. All these open devices use common printer ports, protocols, and were accessible over the internet. Out of 800,000, the research team successfully targeted around 500,000 printers.
“After selecting a sample of 50,000 open printers and creating a custom printing script, we managed to print out PDF documents on 27,944 unprotected devices,” CyberNews said.
The Result
The researchers stated that they were able to compromise vulnerable printers using their customized printing script. “We managed to hijack 27,944 printers out of the 50,000 devices that we targeted, which amounts to a 56% success rate. Taking this percentage into account, we can presume that out of 800,000 internet-connected printers across the world, at least 447,000 are unsecured. These numbers speak volumes about the general lack of protection of networked devices worldwide,” the researchers said.
How to Secure Your Printer
CyberNews stated that the safety of the internet-connected printers can be ensured by:
- Securing your printing ports and limiting your printer’s wireless connections to your router
- Using an updated firewall
- Updating printer firmware to the latest version
- Changing the default password
“Many users and organizations still use internet-connected devices without thinking about security, installing firmware updates, or taking into account the implications of leaving their devices publicly accessible. This means that the humble printer remains one of the weakest links in the security of both organizational and home networks,” CyberNews added.
A Persistent Threat
Similar research from Quocirca revealed the risks of unsecured printers. It stated that 60% of businesses in the U.K., the U.S., France, and Germany suffered a print-related data breach last year, which resulted in a data loss that cost companies an average of more than $400,000. In addition to financial loss, data breach victims also suffer damage to productivity, consumer confidence, and brand value, the report said.