MFP Security Overview and “Cheat Sheet” Now Available

Understanding the security threat printers pose and recommendations on how to mitigate vulnerabilities


03/25/2021

Jamie Bsales

 

Followers have heard us mention time and again the security threats that Internet-connected printers and MFPs can pose to a home or corporate network. Not surprisingly, as the experts in all things MFP- and printer-related, we are constantly asked about what these vulnerabilities are and (more importantly) how to mitigate the risks.

 

We’ve boiled down our collected knowledge into a single presentation that outlines the threat landscape, talks about real-world examples of printers and MFPs having been the chink in the armor of an otherwise secure network, and covers the features an MFP should offer to help lessen the risk. We even compiled a “cheat sheet” based on hands-on testing of some of the common (and not-so-common) configuration settings dealer technicians and IT personnel should know for more secure device setup and operation.

 

How real is the threat? One of our favorite anecdotes comes from the security testing and consulting arm of Accenture (our partner for IoT penetration testing). To prove that printers do indeed pose a threat, their “white hat” hackers were able to commandeer the embedded OS of a major-brand inkjet MFP and get Doom to run and display on the device’s control panel. The point is that it could have been any malware injected into the device instead of a game.

 

Hackers were able to get the game Doom to run on the OS of an MFP and even display it on the control panel.

 

In another example, in 2019 security researchers in the Microsoft Security Response Center discovered infrastructure of known Russian hackers communicating with several external devices, as well as attempts to compromise popular IoT devices (including an office printer). After gaining access to the devices, the hackers ran tcpdump to sniff network traffic on local subnets. So even though other endpoints on the network are secured, an MFP can act as an unlocked back door.

 

The good news is that equipment makers have been doing a better job developing secure devices. Many enterprise-class MFPs now include whitelisting capabilities so only approved code can be loaded and run. We are also seeing BIOS/firmware integrity checking (pioneered in this space by HP, which took the cue from its PC division), where that critical code is checked against a known “clean” version to see if it has been altered. Several manufacturers also support integration with leading security information and event management (SIEM) platforms, which collect and analyze machine data from across an organization's IT environment to provide real-time indicators of potential security violations.

 

Our new presentation has all this information and more, and we encourage anyone tasked with MFP/printer security responsibilities to check it out.

 

Subscribers to our Office CompleteView Advisory Service can log in to the InfoCenter to view the full analysis presentation. Not a subscriber? No problem. Just send us an email at sales@keypointintelligence.com for more info.