Printers remain highly vulnerable to hacking attacks and lag behind in terms of security. This is the conclusion of two Italian researchers in a paper on the security of printers against attack methods.

The research paper shows that, despite recent hacking attacks in which printers were the source of break-ins, printers are still considered secure hardware far too often.

The researchers argue that printers are highly vulnerable and lag behind other electronic peripherals in security and data privacy. For example, many of the printers examined for attack potential and risk level were found to be non-compliant with the latest GDPR laws and regulations and the ISO/IEC 27005:2018 standard.

The latter two risks are important because printers are often located in environments that have to comply with laws, regulations and standards.

Research

In their research, the researchers used the Sohdan engine to scan IP addresses of IoT devices in Europe. This involved specifically scanning for TCP port 9100, which is often used for TCP/IP printing tasks. Most of the discovered 50,000 ‘open’ printer devices were found in this way in Germany, Russia, France, the Netherlands and the United Kingdom.

Three methods of attack investigated

The researchers then unleashed three attacks — or PrintJacks — on the devices. The first attack concerned recruiting a printer for a DDoS warm-up via the exploitation of a known RCE vulnerability.

The second attack involved a ‘paper DoS attack’. This consists of sending repeating print jobs to a printer on a large scale until the printer runs out of paper. The researchers performed this attack with a simple Python script that generated a loop of a thousand print jobs on the affected device.

The third attack allowed for the viewing of printed documents. Print data is not sent encrypted. Therefore, an exploit will enable hackers to retrieve the data from the affected printer in plain text. To do this, the researchers used Ettercap to set themselves up between the sender and the printer. Wireshark was then used to retrieve a PDF document sent to the printer.

Call for better security

Hacking via printers is everything but an unknown phenomenon. Earlier this year, vulnerabilities were found in printers from various manufacturers that had not been addressed in sixteen years. The Italian researchers call on companies, but also manufacturers of printers, to quickly work on proper security, noting that said security can be achieved with minor authentication updates.