Printer Creeps: How Mischievous Hackers Can Ruin Your Day

Researchers have published a study in which they identify a number of assaults that exemplify the dangers posed by wireless printers that have been inadequately secured.

The report, written by security experts Giampaolo Bella and Pietro Biondi, explores three attack approaches (known as Printjack) that might be employed to compromise the millions of printers with a publicly accessible TCP port 9100, which allows network printing.

According to the research, one of the most devastating potential attacks is “paper DoS” (do notDomain Name Service), which may be used to annoy printer owners by remotely launching tasks until their paper and/or ink supplies are depleted. This attack is said to be possible with a simple Python script.

Printer assaults that aren’t particularly amusing

The researchers found that the security protocols in place to safeguard even the most modern printers are very basic when compared to other internet-connected devices. While paper DoS assaults are relatively minor, a hacker may use exposed computers in more harmful ways.

A malicious actor may use vulnerable printers to launch distributed denial-of-service (DDoS) attacks by combining a known vulnerability with a readily available proof-of-concept exploit.

The printer in this example is considered to be a component of a cybercrime campaign, but the device itself would also suffer performance deteriorations, use more power, and degrade at an accelerated rate than normal.

The exploit, as detailed in the paper, is a type of malware that targets printers. It could have significant consequences for any organization that creates classified data.

“Well beyond the technicalities of the attacks lies a clear lesson. Printers ought to be secured equally as other network devices such as laptops normally are, “ wrote Bella and Biondi.

Simple methods for restricting access include requiring authentication to the printer administrator panel or starting print jobs. Enabling IPSec-only printer connections might also help with a number of problems.

“Since appropriate technology is available to mitigate the risks of the Printjack family of attacks, the biggest effort ahead of us seems to be the training of users to bear security and privacy measures also through their routine printing tasks,” the report concludes.