Real World Computing

Your printer vs the hackers

Posted on 18 Jun 2009 at 11:26

Steve Cassidy has never seen a furore like that caused by HP's admission that networked printers retain hackable documents.

By now the majority of places I visit seem to have the idea, which is to ignore all the Windows printer-sharing stuff and press fearlessly on to that part of the printer installation where you get the chance to add another networked printing port. Add this as LPD, another inheritance from Unix, and supply the IP address of the printer server associated with that type of printer. In the case of all these terrible unsecured HP printers, this is just the static IP address of the printer in question. Trot through the dull bit of the printer setup, which relates to paper sizes, trays, staplers and possibly even shredders, and that's it. Kudos should go to those printer manufacturers that have realised this is what most people want, and that have accordingly streamlined the process to be as efficient as possible: Lexmark's network printer installer is a particularly neat mixture of broadcast device detection and included network utility installation, although the shine is taken off it just a little when it also commits the dual sins of finding the standard Microsoft LPD system inadequate and using some weird subspecies of Java to draw the dialogs and pickers for the installer.

It's fair to say that nobody had ever considered printers to be a point of vulnerability for company data in its unprinted form until HP issued that advisory and set the cat among the pigeons. There are plenty of heavyweight corporate printers that apply security of a rudimentary kind before they allow you to shoot off 10,000 copies of the wrong document, but these are more concerned with providing the right charging code to authorise the use of the colour toner than with erasing any document buffers that may contain the shadow of the last document to pass through the machinery. Strictly speaking, all of those bigger printers (in which I include networked photocopiers) share the vulnerability of the smaller devices, because it's pretty rare to find lengthy administrator passwords anywhere on a dumb printer - after all, they're pretty dumb.

It was interesting to read the suggestion of one PC Pro reader on our blogs, that the quickest fix is to tell the printer that it doesn't have a default gateway and, hey presto, if there's no way for the printer to reach the internet then the scenario identified by HP (see the original document at www.pcpro.co.uk/links/177net) is ring-fenced and the issue goes away. Except that isn't the real nature of the problem here. If you read the original paper closely, HP doesn't actually say how this vulnerability is manifested - it's just "accessed remotely" and the assumption seems to be that such remote access has taken place through an opened firewall. Here's where the conversation becomes a bit more difficult, because moving from the fairly simple world of a printer with a single IP address to a border router that might have any one of a hundred potential configurations expands the whole topic well past the point at which advice on security can be guaranteed to reach the widest possible audience. So HP has in effect left out part of the whole conversation, which saddens me.
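To see why the no-gateway fix depends on the border router as much as on the printer, here is an added example (not from the column or from HP's advisory) that audits which two-way paths to a printer remain. The addresses, the rule fields and the source-NAT case are assumptions made for illustration; the only port used is 515, the standard LPD port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Printer:
    name: str
    interface: str           # address/prefix, e.g. "192.168.1.50/24"
    gateway: Optional[str]   # None means the default gateway was removed

@dataclass
class Forward:               # one inbound port-forward on the border router
    dest_ip: str
    dest_port: int
    source_nat: bool         # True: router rewrites the client address to its LAN IP

def can_reply(printer: Printer, client_ip: str) -> bool:
    """Without a default gateway a host can only answer on-subnet addresses."""
    net = ipaddress.ip_interface(printer.interface).network
    return printer.gateway is not None or ipaddress.ip_address(client_ip) in net

def audit(printer, forwards, router_lan_ip, outside_ip, lan_host_ip):
    """List the paths by which the printer can still hold a two-way conversation."""
    addr = ipaddress.ip_interface(printer.interface).ip
    findings = []
    for fwd in forwards:
        if ipaddress.ip_address(fwd.dest_ip) != addr:
            continue
        # The printer sees either the real client or the router's LAN address.
        seen_as = router_lan_ip if fwd.source_nat else outside_ip
        if can_reply(printer, seen_as):
            findings.append(f"internet via forward to port {fwd.dest_port}")
    if can_reply(printer, lan_host_ip):
        findings.append("any LAN host")
    return findings

# Constructed sample data (documentation and private address ranges).
ROUTER, OUTSIDE, LAN_HOST = "192.168.1.1", "203.0.113.10", "192.168.1.77"
PRINTERS = [
    Printer("gateway-set", "192.168.1.50/24", ROUTER),
    Printer("no-gateway", "192.168.1.51/24", None),
    Printer("no-gateway-snat", "192.168.1.52/24", None),
]
FORWARDS = [Forward("192.168.1.50", 515, False),   # 515 = LPD
            Forward("192.168.1.51", 515, False),
            Forward("192.168.1.52", 515, True)]

def run_sample():
    return {p.name: audit(p, FORWARDS, ROUTER, OUTSIDE, LAN_HOST) for p in PRINTERS}

if __name__ == "__main__":
    for name, paths in run_sample().items():
        print(name, "->", paths)
```

In the sample, removing the gateway closes the plain port-forward path but leaves the printer answerable to every LAN host, and to the internet as well when the router source-NATs the forwarded traffic.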

If anything, by shooting for the widest possible audience HP's treatment of the issue has simply contributed to a baseless climate of fear, and all that gives us are isolated gobbets of advice that don't help those who may not know enough to put them into their proper context. So let's walk briefly through the idea that a remote and malicious user can burrow into your printer, ignoring for the moment obstacles like knowing what that printer is, where it is, and whether it might contain a document of interest or just one of those water-cooler-rental junk faxes. Let's go over the type of connection that was most likely on HP's mind when it wrote that advisory.


Steve Cassidy

Steve is a networks expert and has been a contributing editor to PC Pro for more years than he cares to remember. He mixes network technologies, particularly wide-area communications and thin-client computing, with human resources consultancy.


PCPro-Computing in the Real World Printed from www.pcpro.co.uk
