Cyber crooks can pose as your printer to steal your stuff

Image: Ampere News

BY KERRY TOMLINSON, AMPERE NEWS

No one suspects the lowly printer. But cyber attackers can go into stealth mode, hiding in your printer, to carry out attacks against you, according to a cybersecurity researcher.

Here's how the attack works and what you can do to stop them.

Watch here:

Visible & invisible

Your own printer turned against you. In January, attackers made printers push out ransom notes demanding money at the Royal Mail postal and delivery service in the United Kingdom. Pay up or they'll reveal all the sensitive data, the notes threatened.

This kind of attack is flashy, made to be seen. But a researcher is warning that attackers can instead go under cover, pretending to be your printer, carrying out crimes under our noses.

"Just think of a printer with a mouth with a lot of sharp teeth in it. That's the visual that I think of," said Gabriel Agboruche, cybersecurity manager with Accenture, who hacks printers to show you how to protect your own.

Undercover

The attacker in printer's clothing could first steal what you've printed before, like bank account bank info, taxes, or medical documents at home and crucial company data at work.

"There's print jobs within printers," he said. "A lot of times they're cached or stored on to the printer. So, if you gain a certain level of access to printers, you can see past print jobs that might have critical and sensitive information about that organization."

Then they could map out the network to see what else to steal, especially good for business and industrial networks.

Plus, they could use a special tactic to uncover passwords for other people's accounts, especially people with the best access to critical things.

What's next?

After that, they can launch big attacks like ransomware, holding files hostage for money and shutting down systems in companies, hospitals, and schools.

"It can get kind of hairy pretty fast," Agboruche said.

Best of all for the attackers, the paper-pushing disguise covers their tracks.

"What happens many times is that people are not monitoring the activities of printers," he said. "Kind of low-level assets. They're not really doing anything."

What to do

First, change the default password on your printer, Agboruche said. That's the password that came on the printer when you bought it, often an easy one that attackers can guess or search up with little trouble.

"It'd be like 'HP admin,'" Agboruche said. "The password is like '1234.' Changing that will allow most organizations to not be compromised in the ways that I'm talking about. Because most printers have default credentials on."

Why? We often just don't think about it.

"The focus on these printers is not about the security of it, but rather it is about the operations. Can people print? Can people scan? Can people do what people do with with printers?" he explained.

Also, clear past print jobs --- at work and at home --- so they don't give away your sensitive stuff to a fake printer with sharp nasty teeth.

"At home, you might have printed out a social security card, you might have printed out a birth or a birth certificate, or maybe health records," he said. "Clear what's on your printer. If the bad guys get access to it, they can do malicious things and take your information without you knowing."

You can do an Internet search to find out how to change your particular printer’s password and clear past print jobs.

More recommendations

For IT and/or security departments, he suggests:

  • Monitoring printer activity

  • Limiting printer access

  • Strengthen password policies overall

He goes into more detail in this talk for the SANS industrial cybersecurity conference in 2022.

 

Also in the news:

More from AMPERE NEWS

 

Featured Stories

Patrick Miller