Remember how great it is to have a multifunction printer; one that will scan, print, email and fax?
Cybercriminals think these printers are pretty great as well, because the devices can become a gateway to stealing data or wrecking a network, according to Carl Mazzanti, CEO, eMazzanti Technologies, an IT expert and computer consultant in the Hoboken, NJ and NYC areas.
“The bad guys are always looking for easy ways to break into a network at work or at home,” said Mazzanti.
In a presentation at the last DefCon 19 conference, security researcher Deral Heiland demonstrated various ways to break into an Internet-ready, multi-function printer. These include printers that can scan to a file, scan to email, and fax documents, and the vulnerabilities he found are similar across all printer OEMs.
According to Mazzanti, Heiland recommends that if a user has not taken the time to access the administration control panel webpage for his printer and change its default passwords, he might want to do that sooner rather than later. However, that will only partially slow down a very persistent criminal.
For example, Heiland demonstrated that if a user did change the default Toshiba printer password from 123456 to something unique, a criminal can simply add an extra backslash to the URL to gain administrator access to the device. Heiland also said that if a user copies the URL from the HP Officejet printer login page, adds “page=” to the end and pastes it back in, this will bypass any new passwords that have been added to those printers. This could let a hacker access sensitive documents that have been recently scanned or printed.
eMazzanti notes that on some of the printer administration webpages, basic coding mistakes can also expose sensitive information such as passwords. “With the HP Officejet multifunction page, Heiland was able to right-click the page in Firefox in order to see the plaintext of the password normally hidden by black dots. The same, Heiland said, was true on the Toshiba models he’d tested,” continued Mazzanti.
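The plaintext-password exposure described above implies that the stored password is sent to the browser inside the page markup. As an added example (not from the original article or from any printer vendor), this Python check flags such fields in a saved copy of an admin page; the sample HTML, the field names and the assumption that the secret sits in an input's value attribute are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample of an admin page; not taken from any real device.
SAMPLE_ADMIN_PAGE = """
<form action="/config/smtp" method="post">
  <input type="text" name="smtp_user" value="scanner@example.test">
  <input type="password" name="smtp_pass" value="Example-Pass-1">
  <input type="PASSWORD" name="ldap_bind_pass" value="">
  <input type="password" name="admin_new_pass">
  <input type="hidden" name="ldap_password" value="Example-Pass-2">
</form>
"""

# Hypothetical name fragments that suggest a field carries a secret.
SECRET_NAME_HINTS = ("pass", "pwd", "secret")


class PrefilledSecretFinder(HTMLParser):
    """Collects <input> fields whose secret value is present in the markup."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        field_type = a.get("type", "text").lower()
        name = a.get("name", "")
        if not a.get("value", ""):
            return  # nothing was sent to the browser, so nothing can leak
        if field_type == "password":
            # Black dots hide the value on screen only; page source shows it.
            self.findings.append((name, "password field pre-filled"))
        elif field_type == "hidden" and any(
                h in name.lower() for h in SECRET_NAME_HINTS):
            self.findings.append((name, "secret in hidden field"))


def audit_admin_page(html_text):
    """Return (field name, reason) pairs; the secret itself is never returned."""
    finder = PrefilledSecretFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for name, reason in audit_admin_page(SAMPLE_ADMIN_PAGE):
        print(f"{name}: {reason}")
```

A page that passes this check sends an empty password field and only accepts a new value on submit.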
For office printers, internal address books are often used to route faxes and scanned documents to specific workstations. Heiland discovered that Canon requires an attacker to first have a cookie–which, if they are using a Google search to find the administration webpage over the Internet, they would not necessarily have. But if a user clicks to the Home page tab, Heiland said a computer will receive a cookie that allows a user to retrieve the plaintext address book from the printer.
Heiland added that Canon did fix this vulnerability on most of its ImageRunner line, but he found two models–IR3580 and IR4080–that still allowed for this particular hack to work.
In another demonstration, Heiland was able to redirect the test pages that most printers spit out by intercepting the Lightweight Directory Access Protocol (LDAP) in a sort of man-in-the-middle attack. Here he attacked Sharp and Ricoh printers, redirecting their test pages to him, and setting him up as a valid user, according to eMazzanti.
Hacked Printer Stories
Mazzanti reviews a few recent printer security stories to demonstrate the ubiquitous nature of printer attacks across all the different manufacturers.
According to a July 27, 2012 story in Computerworld: “The Blaster worm hit McCormick and Co. hard and fast. It entered the famous spice company through a service provider connection and ripped across plants and offices in a matter of hours. What was most vexing, however, was that the virus kept coming back on disinfected network segments.
Upon further investigation, it turned out that Blaster, as well as some instances of the Sasser worm, were trying to re-propagate from infected network printers.”
“What is interesting about stories of corporate printer attacks is that their IT departments may still be complacent,” said Mazzanti. “Instead of patching and hardening printers against malware attacks, printers are loaded with more complex applications than ever before, running a multitude of vulnerability service software imaginable; all with little or no risk management or oversight.”
Bob Sullivan, a columnist for NBC News, wrote a November 29, 2011 article entitled Millions of Printers Open to Devastating Hack Attack, Researchers Say.
Sullivan poses the question: “Could a hacker from half-way around the planet hijack your printer as a copy machine for criminals, making it commit identity theft or even take control of entire networks that would otherwise be secure?” According to researchers at Columbia University that Sullivan references, this kind of security breach is not only possible but probable.
The article goes on to say: “Printers can be remotely controlled by computer criminals over the Internet, with the potential to steal personal information, attack otherwise secure networks and even cause physical damage.”
Another news article on Internet-ink.co.uk, entitled Security Threats for Printers, states: “The internet’s increasing importance to society means that there are now more threats to computer users than ever before. Despite a rise in antivirus and firewall software, online threats still linger for computer users and it is important that customers are as well-prepared as possible.
Due to sophisticated viruses currently circulating online, malware can now easily spread to internet-enabled devices, potentially causing errors in printers and wasting the capacity of ink cartridges.”
Hire a Professional IT Expert
“Businesses with security threats on any device should seek professional IT help to protect networks and data,” said Mazzanti. “Management that insists it can stay up with all the security threats by itself is going to regret not hiring an expert when a system goes down or data is corrupted or stolen.”
About eMazzanti Technologies
Carl Mazzanti is CEO of eMazzanti Technologies located in the Hoboken, NJ and New York City area. eMazzanti is an IT support and computer consultant that specializes in disaster recovery and business continuity, mobile workforce technology, computer network management, information security and cloud computing. As an outsourced IT expert, eMazzanti can provide the perfect solution for businesses in the professional services, education, manufacturing, technology and retail sales industry segments. Flexible support plans range from 24×7 network coverage for a fixed-fee to customized solutions that are designed for unique business environments and demands. eMazzanti’s cadre of network engineers are extensively trained and well-credentialed with the latest Microsoft security and business operations certifications to better meet customer needs.
eMazzanti provides business technology consulting services for companies ranging from home offices to multinational corporations in the New York metropolitan area, the United States and throughout the world. eMazzanti Technologies is Microsoft’s 2012 Partner of the Year for the third year, WatchGuard’s Partner of the Year for four years running and made the Inc. 5000 for the third year in a row. For more information contact: Carl Mazzanti 201-360-4400 or emazzanti.net. Twitter: @emazzanti, Facebook: Facebook.com/emazzantitechnologies.