PRINTER SECURITY | 4 MIN READ
With all the Internet-connected devices that now exist, it seems that almost any device can be targeted by a hacker. Can a printer be hacked? As a Managed Service Provider and printer dealer, our combined expertise in the cyber security and office technology industries have taught us about printer security and the ways in which printers can have security gaps. Keep reading to learn more as well as a few tips to better secure your printers.
Note: This article was last updated on March 20th, 2023.
[Quick Summary] Can a printer be hacked? In a short answer, yes, printers have various vulnerabilities that hackers can exploit.
Keep reading to learn more!
Not enough time? Jump to:
Can a Printer Be Hacked?
Printers, an often overlooked aspect of a business' security infrastructure, can be subject to breaches. While many businesses think to secure other aspects of their network, such as firewalls and computers, they sometimes overlook the role that printers play in a holistic cyber security approach.
Hackers knowingly take advantage of this security gap to exploit a business' printers for malicious purposes.
Both older and newer printers alike have various security gaps that cyber criminals can exploit. When your printer is hacked, the following can happen:
- Data theft− Data stored on the printer can be stolen and then sold or used to carry out a ransomware attack.
- Device "bricking"− Once hacked, your printer can be "bricked", which is when a hacker renders it essentially useless.
- Botnet attacks− Hackers can connect your printer to a botnet, which can be used to steal your data and carry out cyber attacks.
- Malicious device malfunctioning− Some hackers breach printers simply to wreak havoc. They can command your printer to randomly print weird files or shut off, among other malicious actions.
How to Tell If Your Printer Has Been Hacked
There are a few telltale signs that your printer has been hacked:
- Un-authorized printing jobs− If your machine is printing unknown documents that nobody authorized, your printer may be compromised.
- Error messages− If your printer is displaying error messages or printing documents with error messages instead of the actual document, your printer may be corrupted.
If you recognize these signs, immediately shut off your printer and contact any necessary IT staff, whether than is an in-house IT department or a third-party IT services provider.
How Can Printers Have Security Risks?
Older Copiers and Printers
Older machines are less secure, which leaves a host of potential issues for your company.
For instance, on older copiers and printers, the connection between a computer and the machines isn't very secure, which means that hackers can more easily access your information when it's sent over your network.
For older copiers and printers with less security, hackers who physically visit your office can simply plug a malware-loaded flash drive into one of your copiers or printers, infect the machine, and then infect a company's entire network. While the odds of this happening are low, the situation is technically possible.
This same scenario can potentially play out on newer machines too if you enable features that let you access documents stored on your copiers and printers from your computer.
These hard drives are unsecured, which means a hacker can hack the copier, access these documents, and then access your network. When setting up your copiers and printers, disable this feature if you can.
Personal Copier and Printer Risks
Personal copiers and printers, especially older models, used in managers' offices come with a host of security risks. Since these machines are usually intended for home use, security isn't as much of a priority when brands build them.
For instance, "home copiers" can have a "print from anywhere" feature that lets you print documents to the copier even when you're away from the office. However, this "print from anywhere" feature has little security because it has to create a hole in your firewall to allow you to communicate with the machine from anywhere in the world.
This hole in your firewall can let a hacker access the machine and anything scanned on it, documents and files on that employee's computer, and even access the whole company's network. If you have this feature on your personal printers, turn it off.
Another security gap on personal machines that you might not consider is a default setting that, when you're scanning to the hard drive on a copier, allows you to open the folder from computers on the network to retrieve your files.
This setting allows for information to be written to and removed from that device from anywhere on your company's network and is generally done with minimal or no security. If your personal copiers and printers have this default setting, turn it off.
Remote Support Feature Risks
Any remote support feature where the dealer or manufacturer can remote in without your involvement or consent is a security risk.
While enabling a "remote support tools" feature lets your machine's vendor remotely assist you in fixing issues, this two-way form of communication creates network gaps that lets hackers access previously scanned or printed documents, or even get into your network.
If you have this feature on your copiers and printers, either turn this feature off or try to opt-in to one-way outbound machine support.
Lack of Physical Security and Phishing
At the end of the day, your organization's greatest strength can also be your greatest security weakness - your employees.
It's amazing how simple it is to enter some business spaces. Consider a shared office environment for upstart organizations or a larger, active space, like a hospital. It's difficult to know who is supposed to be there at times.
Flash drives are often used to breach systems in environments like these. Hackers understand the natural curiosity of others and will leave a viral flash drive lying around, waiting for someone to pick it up and plug it into their computer or print device.
For busy organizations, they may even go straight to the source and plug a flash drive directly in themselves. It's important to keep a level of physical security within your building, understanding who is coming in and out of your workplace. Take additional steps with each of your devices and password protect them with a login or keycard to add an additional layer of security.
Printer Security Tips
Upgrade to a Newer Machine
Newer copiers can have features like Transport Layer Security (TLS) that encrypt scanned files sent to your email encryption as well as newer versions of Server Message Block (SMB), which securely scan documents to a folder instead of your email.
Scan your Network for Security Gaps
Hackers use network scanning tools to search for security gaps in your network, especially in your copiers and printers. When a hacker scans your network, they look for open ports.
Open ports can let them access the hard drive of the copier and view all documents in the hard drive. Hackers could even potentially get into your entire network this way too.
Think like a hacker and use the same tools to find and fix security gaps before a hacker takes advantage of them. Using a network scanning tool, scan your network for any open ports on the copiers and printers.
Follow These Best Practices
To ensure that your device is consistently secured, you should:
- Enable data encryption kits
- Keep printer software updated
- Connect the printer to the network via a VPN
- Disconnect or switch off your printer when it's not in use
Printer hacks can lead to a host of negative consequences, from cyber attacks to data theft. Follow the tips above to ensure that your printer is protected.
For more cyber security content, follow our blog!
Posted by Andre Schafer
Andre Schafer is a Technical Account Manager at Standard Office Systems. He has spent his entire career in the Office Technology and IT fields. For nearly 30 years, he has held various roles, including Technician, Trainer, Analyst, and Account Manager. Andre’s focus has always been to understand his customers' business needs to provide the appropriate technologies and services.