Do you think that printers can’t be hacked as there is really nothing to hack in there? You might be completely wrong! Printers have been a favorite target of hackers for a while now. They are routinely compromised, whether they are setup at home or in a large corporation. People often think that hacking a printer would involve only sending random print jobs that will waste some paper and ink but cause no serious harm.
However, the reality is something totally different. Printers are a gateway to the connected system and into the whole network. Since they do not have sophisticated computing capabilities, they cannot have an in-built elaborate cyber security solution. The inherent risks due to poor printer security are high and can lead to serious information security breaches. Some of the serious impacts of a breached printer are:
1. Hack on Wi-Fi printers:- Wi-Fi printers are easiest to hack as the hackers don’t need to be connected to the network on which the printer is setup. In fact, they do not even need to be very close to the device. A printer with a good Wi-Fi module can connect to the router which is placed over 50 meters. This means a cyber-criminal sitting as far as 50 meters, on the other side of the road or in the building next door can easily hack your printer. Once he hacks into the printer, he can get a ‘backdoor’ entry into the enterprise network, leaving the whole network and all connected devices vulnerable to a breach. All security precautions related to a wireless network should be taken while installing and connecting the wireless printer even on a hard-wired network.
2. Increase in cost and maintenance due to unauthorized use:- Wastage of ink and paper is not the only cost of loading the printer with print jobs. It can jam the printer which will now require more maintenance than usual. It will wear off the printer parts (motors, gears etc,) faster and render it unfit for operations. The cost of repairs and time of IT department spent in repairing them can be quite high. The mischievous bulk job can jam the printer interface, making it unavailable for anyone else to use (eg: imagine printing a whole encyclopedia). Not only that, there is an additional cost of disposal of the printed paper, which is now useless for the organization. If the hacker prints any illegal or objectionable material and it is not disposed off quickly, it can cause legal troubles for the organization.
3. Sensitive information leaks:- Printers store the documents temporarily in their own memory before they get printed. The information in the printer memory is in a final print format which is not encrypted and thus can be deciphered easily. The hacker can access the printer memory and retrieve the document from there. If the duration of the attack is long enough, hackers can accumulate many documents retrieved from the compromised printer’s memory. In the worst case, where the hack is not detected, the sensitive information may be leaked over many months. The leaked information could be used by competition for its benefit. It can also be made public harming the reputation of the company. In the worst case, it can have legal repercussions for the firm.
4. Physical safety risks:- It may be difficult to believe, but it is possible to put a printer on fire just by hacking it. This is done by changing the internal programming of the printer and suddenly starting the printer’s paper feed motor at very high speed. The friction causes the paper to catch fire and subsequently,the printer which is made of plastic polymer catches the fire. This is not an exaggeration but has been demonstrated under benevolent settings. If the printer catches fire, there is a danger of fire to the building and to the life of its occupants. Who would have thought that a printer could become a threat to life and property?
Printer, a seemingly harmless device can become a treasure trove of confidential information for a skilled hacker. Whether at home or in a corporate setup, printers must be secured to prevent their misuse. They should be sitting behind the security system which can detect anomalous movement of data on the network. The security solution must also ensure that printer’s Wi-Fi port is connected only to an authorized network. Lastly, using a printer with physical cable connection is the best precaution against a hack. It ensures that all data to and from the printer can be monitored by the enterprise security solutions to detect any mischievous behavior.