Small businesses can be impacted by internet-connected printer vulnerabilities
A resurgent threat is impacting enough businesses that the FBI distributed an alert. The FBI issued a Private Industry Notification (PIN) on 8/3/17 alerting businesses to the potential vulnerabilities of internet-connected printers. Printer hacking dates back to at least 2011, and it seems to be increasing now.
What is the Threat?
Hackers are exploiting printers that have open ports to the Internet. Businesses have received bomb threats or hate mail. The FBI states it is likely future hacks may use open ports as a way to intrude into networks. In February 2017, one hacker successfully hacked over 150,000 printers worldwide to demonstrate how easy it is to access printers with weak cyber security. Many of the printers were restaurant POS printers.
Business printers, both traditional “document” printers and specialty printers, have a variety of ports that are used for connections. Ports are access points for data transmission into a computer. Some ports have specific common uses: for example, port 80 is used for web browsers and port 25 is used for email traffic. If a hacker locates an open port on a computer, they can perform malicious actions such as forcing print jobs to disrupt business, disabling devices connected to the computer, or stealing data stored in the printer’s memory.
What You Can Do
The FBI PIN provides a number of recommendations to strengthen your cyber security with internet-connected printers.
Ports 515, 631, and 9100 are commonly used for printer connections. Talk to your cybersecurity specialist about using different ports for printers.
If your business needs to use these specific ports, disable public access and add a whitelist so that only approved sender IP addresses can connect.
Change the default or weak user names and passwords on the printers.
Separate your printer from any sensitive computer network. Use two separate networks so that confidential and sensitive work is partitioned from printer and other common network use.
Monitor printer logs daily to look for any unusual traffic.
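One way to combine the whitelist and daily log review recommendations, shown as an added example that is not part of the FBI notification or the original article: the script reads connection records and flags traffic to ports 515, 631, and 9100 from senders that are not on the approved list. The log line format, the approved address ranges, and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import re

# Printer ports named in the FBI notification (LPD, IPP, raw port 9100 printing).
PRINTER_PORTS = {515, 631, 9100}

# Assumption: this office's approved senders (constructed example ranges).
ALLOWED_SENDERS = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "10.0.5.20/32")]

# Assumption: one connection per line, "<time> <src_ip> -> <dst_ip>:<port> <action>".
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+->\s+[^\s:]+:(\d+)\s+(\w+)$")

# Constructed sample log, not taken from any real device.
SAMPLE_LOG = """\
2017-08-04T09:12:01 192.168.10.14 -> 192.168.10.50:9100 ACCEPT
2017-08-04T09:15:44 203.0.113.77 -> 192.168.10.50:9100 ACCEPT
2017-08-04T09:16:02 10.0.5.20 -> 192.168.10.50:631 ACCEPT
2017-08-04T09:20:13 198.51.100.9 -> 192.168.10.50:515 DROP
2017-08-04T09:21:30 203.0.113.77 -> 192.168.10.50:80 ACCEPT
this line is malformed
"""

def is_allowed(src):
    """True only if src parses as an IP address inside an approved range."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # fail closed: an unparseable sender is treated as unapproved
    return any(addr in net for net in ALLOWED_SENDERS)

def review(log_text):
    """Return (findings, unparsed) for printer-port traffic from unapproved senders."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            if line:
                unparsed.append(line)  # keep for manual review instead of dropping
            continue
        ts, src, port, action = m.groups()
        if int(port) in PRINTER_PORTS and not is_allowed(src):
            # ACCEPT: the connection reached the printer. Anything else: the filter held.
            severity = "ALERT" if action.upper() == "ACCEPT" else "blocked"
            findings.append((severity, ts, src, int(port)))
    return findings, unparsed

if __name__ == "__main__":
    findings, unparsed = review(SAMPLE_LOG)
    print(findings, f"unparsed lines: {len(unparsed)}")
```

An "ALERT" entry means an unapproved sender reached a printer port, so the whitelist is missing or not enforced; a "blocked" entry shows the filter working and is still worth tracking for repeated attempts.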
Additionally, for internal security of your printers:
Place your printer in a location that reduces the opportunity of anyone tampering with the printer settings or accessing stored documents in the printer’s memory.
Purchase or lease a printer that requires a personal code for each user to use the printer. These printers can generate logs of usage.
The FBI has asked that businesses contact either their local FBI office or FBI’s 24/7 Cyber Watch at CyWatch@ic.fbi.gov if they have information concerning either suspicious or criminal activity.
For more information
An article from PC World in 2012 has some great details on additional security measures. Also, this posting on portforward.com has easy-to-understand information on ports.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.