Printer Security on Wireless Can Present Larger Problems
It may seem like a minor risk if some hacker takes the time to bypass your wireless printer security. What are they going to do? Print through 50 pages of full color toner? That’s like 50 bucks in cost at most. It may not seem like a big deal if someone can hack into your printer, however, attacks against embedded devices like printers can expose your network to larger security risks.
Sorry, It Isn’t That Tough
It doesn’t really take a Mr. T – as in a Mr. Technology. I recently sat down and gave a business IT security workshop to small business owners in Minneapolis. We were hosting the workshop in one of the member’s offices and I was prompted on the spot to see if I could get into their network.
For your knowledge, I would put myself as a solid C in regards to this type of thing – hacking. There is a whole industry of amazing experts in network intrusion and penetration testing. Of course I know more then the average joe, but am in no way putting myself in a class with certified professionals and simply naturally talented hackers (heroes and villains) out there.
That said, I think my C level network hacking knowledge proves my point on how easy this really is:
Wireless Printer Security Hacked in 2 Minutes
- I quickly found an open wireless desktop printer you can find at any big box store on their network.
- It had been simply set up and left with all the default factory settings – but was connected to their internal wireless network.
- With a 30 second web search I found that the printer model has a vulnerability where it stores the wireless password in a public facing xml file.
- I connected to the printer and opened that plain text file and copied the password.
- I connected to their internal wireless network without an issue.
- Now that I was in, I decided to do something simple, yet noticeable. I easily found the person’s laptop who prompted me to hack in.
- There was no basic network security limitations on connecting to systems on all PCs – windows firewall was even disabled.
- Therefore I grabbed a vacation photo from her My Pictures folder and made it my desktop.
- I showed them my laptop desktop – and heard the gasp as the picture of Hawaii with her kids now on my computer sank into her reality.
That reality is – what are the other things that could have been done?
Roll around in the fetal position while crying! Well, that is what you would want to do after emails and files would be pulled down just like the Sony hack without anyone being the wiser. A hacker could install software that could track/download/sniff out anything traveling around the network – even web searches. They could watch you on your webcam. Someone could install software that hosts malicious files and services for download from websites or for something illegal like bit torrent. Really, the sky is the limit once somebody is in.
What can you do to lock down your wireless printer security?
- Well duh, hire us and let us manage your network.
- Read up on the device you have and see if there are any vulnerabilities.
- Update your printer with its latest updates and firmware.
- Use a strong password policy on your network – including printers.
More Information: Here is the printer and the article. HP of course quickly resolved the issue in 2013, but in order to fix it you have to act!
Partner of Network Medics, Inc.
Minnesota Business IT Consultant
Connect with me on LinkedIN