Professional Documents
Culture Documents
Ethical
Hacking Boot
Camp
OUR MOST POPULAR COURSE!
CLICK HERE!
What's this?
Telecommunications
to the network like other devices. Nowadays, most corporate offices or organizations
have a large number of printers within their building, which print sensitive
information’s that can be hacked and exploited. In earlier times, printers just had the
function to print the requested data. As technology developed, new printers were
used with inbuilt memory and various security features.
Multi-Function Printers
An MFP is a device that can provide the functions of multiple devices. It is used in
home for small footprint, in a small-scale business setting, or in a large-scale
corporate company. A typical MFP is a mixture of various devices such as a fax, email,
photocopier, scanner and printer.
MFPs are divided into two types: inkjet and laser. Inkjets are exceptional in creating
high-quality color graphics while laser printers excel in printing large amounts of
documents. MFPs are also divided into various segments. Depending on the features
offered, there are four types: (i) All-in-one for a small office; (ii) SOHO MFP for a large
desktop in small office; (iii) office MFP for a central office system; (iv) production,
which is a printing MFP- reprographic department device.
MFPs contain many features, such as SDK, advanced LCD panels with optical mouse
and keyboard attachments, wireless data capability, IPv6 support, storage capacity
(HDD), active directory, SNMP support, editing capabilities, finishing capabilities, fax
sending and receiving capability, forwarding to email (via SMTP), color fax capability,
resolution DPI, direct CD/DVD label printing, automatic document feeder (ADF),
security of scanned documents, cordless phone, TCP/IP fax methods, answering
machine, and many more.
Internal Architecture
As you know, printers can be installed very easily. The connection provided will be
either cable-based or wireless. The setup process differs for each network printer.
Network printers can be accessed either by DHCP (dynamic host configuration
protocol) server or static network addressing. Static addressing is mainly used in
small offices, while dynamic helps to automatically address each network in large
corporate offices. After connecting from workstations, direct connections can be
made. For example: In Windows OS, select Control Panel>Devices and Printers>Add
Printer then wizard starts the search for printers.
These processes include printers that don’t have network-enabled capability. Non-
network printers can be accessed through USB ports on the server and also through
a parallel port that is connected to the network at another port. The server setup
depends on the features included by manufactures and the device’s complexity. The
advantage of this type of printers is that after setup it seems similar to that of the
network printers to the workstation. Some of the printers in this are low-end and
high-end types, depending on their functional states:
A hacker can take advantage of the vulnerabilities in the printer and can modify the
data pre-defined in the printer. The permissions assigned to different users may be
different. Once bypassed, this information could be edited, depending on the
hacker’s requirement.
The mixture of mobile apps, cloud printing technology, and the continuous
penetration of OS-based personal devices in companies has made it is easy for every
attacker. An attacker could develop a malware for such device, which could be used
to gain access to the printers connected in the network. After gaining access, the
entire network can be bypassed easily.
SQL injection
It’s a type of attack in which the SQL function spyware is installed into the firmware
by the attacker. The continued use of many web-based features or applications may
lead to a phishing attack, through which the attacker deploys malware to the
desired location. The threat level of the printer is same as that of a PC. Any person
Denial of service
The amount of data to be printed varies according to the request made by the user.
Since these all are processed through networks in MNC’s, by increasing the traffic in
such networks an attacker could bring down the device. The large number of
request made by intruder might be a bit difficult to handle. This could result in the
malfunction of the printer.
Want to learn more? The InfoSec Institute Ethical Hacking course goes in-depth into the
techniques used by malicious, black hat hackers with attention getting lectures and
hands-on lab exercises. You leave with the ability to quantitatively assess and measure
threats to information assets; and discover where your organization is most vulnerable to
black hat hackers. Some features of this course include:
COMPANY EMAIL
*
TRAINING BUDGET
*
Device commissioning
Most of the corporate companies MFPs handle a large amount of information and
disk drives integration. Access from unauthorized personnel gives sensitive
information that is revealed by scanning. E.g.: The NYPD sold their MFPs, exposing
details of an ongoing investigation during 2010.
A chip can be replaced on printer’s circuit board and also by firmware modification.
It can be plugged into network’s port of MFPs, which can be used to store or forward
data packet information.
HTTP attack
PJL attack
Anonymous FTP servers are used to drop print jobs into MFPs. Passive mode FTP
provides passive FTP forwarding, making it vulnerable. This helps us to use it as a
proxy server, which allow the hiding of IP address of the attacker, making it
untraceable and redirecting without discovering of network attacks.
SNMP attack
Most of the MFPs have backdoor administrator access. Attackers can access through
a default password by SNMP (simple network management protocol), since it is
stored in the SNMP variable from where anyone can access if they know location of
variable or address of the MFP. Structure of the network can be obtained through
just sniffing the SNMP traffic.
resetting it manually.
Hackers can use touch screen technology in printers by just altering
the FTP settings.
SNMPv3 for data encryption components with extensive secure capabilities for
remote management.
Separation of fax/network from each other.
Use of NTP Protocol for clock synchronization.
TCP connection and port filtering.
Controlling network traffic by encryption and authentication.
TLS to secure LDAP and having security templates.
Auto insertion of email addresses, causing eradication of anonymous emails.
Confidential print will help remove print jobs in RAM after an elapsed time set.
Encryption of hard disk with AES key and physical lock support.
Both automatic disk and out-of-service disk wipe should be configured.
Non-volatile memory wipe helps to clean forms of flash memory.
Check security of the data transmission across the workflow.
enters. This proves no need of any tools or code for access. For accessing through
telnet: telnet 192.169.1.2 9100. NetCat accessing: e.g., echo @PJL RDYMSG
DISP=\’Text’\ netcat –q 0 192.168.1.2 9100.
Next step is to obtain the password, since both telnet and the device password used
are similar for software along with Web interface. All the passwords entered are
registered into the registry when you use it, so sniffing tools and a brute force attack
help to obtain the password from the printer’s registry. SNMP vulnerability also
allows getting the password just by interfering the community name of the network.
Many of the printers in a network could be found out by Nmap and SNMP tools
along with an UDP scan. Printers can be also obtained from the Internet, since most
administrators store data in an intranet, e.g., inurl:brand/device/this.LCDispatcher.
Spam can be used to iterate the data by accessing tool in Windows and Linux.
Network printers are easily exploitable to gain unauthorized access to data and Wi-Fi
pin settings.
Conclusion
The subject of network printer security is indeed a developing problem in corporate
offices or organizations. Many numbers of vulnerabilities or threats or risks can
happen to multi-functioning printers, but only some number of security measures.
The efficient method is to provide assess or analyze the critical threats of the each
corporate organizations and tackle them according to the risk occurring. So it is as
necessary to consider the security of printer as that of PC, since both have large
amounts of sensitive data and information.
References
http://www.networkcomputing.com/network-security/security-flaws-leave-
networked-printers-open-to-attack/d/d-id/1108321?
http://dwaterson.com/2013/04/01/network-printers-an-overlooked-security-
threat/
http://www.forbes.com/sites/ciocentral/2013/02/07/the-hidden-it-security-
threat-multifunction-printers/
https://answers.uchicago.edu/page.php?id=42399
http://thehackernews.com/2013/08/hacking-HP-printers-Vulnerability-wifi-
password.html
http://www.extremetech.com/computing/106945-tens-of-millions-of-hp-
laserjet-printers-vulnerable-to-hacking
http://www.dailytech.com/Exploit+Could+Literally+Allow+Hackers+to+Set+HP+Printers+on+Fire+FBI+Briefed/article23388.htm
http://www.darkreading.com/vulnerabilities-and-threats/hp-disputes-printer-
security-vulnerabilities/d/d-id/1108394?
Tweet Delen 67
204 submit Like
Share
reddit
Phishing Simulator
Security Awareness
EDITORS CHOICE
Information Security
Security Awareness
DoD 8140
Ethical Hacking
CCNA
PMP
Microsoft
Incident Response
Information Assurance
Domain-Based Message
Authentication Reporting
and Conformance
Database Security
CRISC Frequently
Top 5 Security Buy Now and get a
Asked Questions
Apps for iPhone… FREE…
(FAQ)
# # #
How to Develop an
Incident
Response…
#
2 responses to “Exploiting Corporate Printers”
Arglex1 says:
September 28, 2015 at 1:46 pm
You guys really need to get an editor and have these articles proof read before posting them. It appears that
whomever wrote this uses English as a second language. It is painfully difficult to follow.
Reply
Nicolas says:
September 29, 2015 at 6:06 pm
Great article ! Printers are often the last devices coporates security specialists are taking care of, indeed :)
Reply
Leave a Reply
Your email address will not be published. Required fields are marked *
Comment
Name *
Email *
Website
six + = thirteen
Post Comment