Column: Printers require security to keep data from hackers

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

Ever find yourself searching for a free Wi-Fi connection and come across something like HP-M477 LaserJet? Anyone who’s tried to connect to something like that has found that while it often shows as being open, or unencrypted, it doesn’t get you on the internet. Not only does it seem useless in that fashion it represents one of the biggest security weaknesses today.

This Wi-Fi connection is actually a printer. While many folks set up their printers to work on Wi-Fi networks, others don’t use the wireless connection. And instead of disabling or securing the Wi-Fi connection, they simply leave it up, on the default settings.

Anyone with a reasonable degree of computer knowledge can easily hack into the printer this way. Many folks have the attitude, “Oh, it’s just a printer. It’s got no data stored in it. Why would a hacker be interested in it?”

This is the wrong attitude. True, most printers don’t store data in them, although some keep print jobs (or scans, or faxes, on multifunction devices) in memory for a short period of time. But once you’re in the printer, you’re in the network.

Once you’re in the network, an experienced hacker can get information out of the printer that can be used to hack other parts of the network. For example, many printers authenticate into the companywide user directory, most commonly Microsoft’s Active Directory (AD). If a hacker gets into the printer, he or she can then attack the AD. And once they get into the AD, they own your network.

Another printer hack is sending printouts either designed to get the owner in trouble or, more nefariously, trick some unsuspecting person into calling for support. In the former case there have been instances where racist flyers were printed out, then reported to the media. In the latter case a printer endlessly prints jobs claiming the printer has been compromised, with an 800 number. Call the number, give them your credit card and voila! you’re another crime victim.

Don't miss out on what's happening!

Stay in touch with breaking news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

Similar actions can be done on any endpoint in your network. In one of the most recent major hacks, the culprit was an AC controller. A hacker discovered the controller, targeted it, got into the network, found more vulnerabilities and was able to gain control of a ton of confidential data.

Printers, however, have been a popular mark. Think about it: Almost no one runs Windows 98 or XP anymore, with lack of security being a main reason. But people don’t think twice about using printers that came out at that same time. Those printers have not and, in many cases, cannot be updated to be more secure in contemporary environments.

The good news is that new printers from all manufacturers are incorporating more advanced security. So, when buying a new printer, in addition to specs like pages per minute and resolution, review the included security features. As of this writing, HP is the clear leader in security features, but other vendors are catching up. If you recently bought a printer, look into whether there are any updates. It’s possible that an update will include more robust security features.

John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.