IoT- Capable Printers Becoming Unofficial Gateways For Cyber Attacks
The printer started as a simple device for printing on paper, providing users with a physical copy of their documents. However, this past decade, a printer even at home became networked in order to be used by multiple users at the same time. At the turn of the 2010’s decade, the printer which used to be a corporate-equipment becomes just an appliance, including wireless printing. The humble printer gained more functionalities through the years, including connecting through apps, making it one of the first IoT (Internet-of-Things) device.
Unlike a typical IoTs that are designed to be connected to a “guest” network in homes and in the offices, printers operate inside the main network. This is for the device to accept print jobs from workstations, which opens an opportunity for cybercriminals. Printers connected to the company and home network while also available as an IoT device on the Internet is an open opportunity for cybercriminals to penetrate an internal network through the printer.
This very issue has been examined by two security researchers from NCC Group, Daniel Romero and Mario Rivas. Network printers are now a convenient way for outsiders to penetrate an otherwise private internal network of companies and homes. Printers are not designed as gateways, it just happened that its IoT cybersecurity functionality provides bridging the public Internet (where the threats and bad actors come from) and the internal network.
Aside from backdoor functionality opened by an IoT printer, the internal networks become vulnerable to distributed denial of service (DDoS) attacks from outsiders as well. The NCC group security team have subjected various printer devices from Ricoh, HP, Lexmark, Xerox and Kyocera, which they describe as: “were able to provide updates to close up the identified vulnerabilities and secure the affected devices against the exploits uncovered by the researchers.”
NCC group’s findings match closely with Microsoft’s study regarding the vast abuse of IoT devices, creating an artificial gateway for outsiders to penetrate a private internal network. “While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives. These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments,” emphasized Microsoft’s cybersecurity team.
According to Romero and Rivas, there is an unpatched vulnerability on various printers they have tested, most especially with the implementation of IPP (Internet Printing Protocol) per device and model of the printer. IPP, when implemented wrongly, can execute arbitrary code, which will be very harmful to the internal network. Also, the very protocol that enables system administrators to monitor the network presence of the printer, SNMP may have bugs that can be used to crash the machine in the network through DoS vulnerability.
“Certainly, there’s more to the story. And we’ll get to hear more of it when Mario and Daniel reveal the full extent of their research at several industry conferences, including DEF CON, Hack In The Box Security Conference and 44CON,” concluded the NCC Group.