How much can you trust your printer?

In this interview with Help Net Security, Scott Best, Director of anti-tamper security technology at Rambus, talks about what organizations should be aware of when it comes to printer security and what they should do to remain secure.

Printers often go unnoticed yet pose a major threat to organizations. How do cybercriminals leverage them to gain access?

Cybercriminals often leverage printer devices to gain access to networks and sensitive data in various ways. Their goal is to find a way to execute arbitrary, untrusted code on the target platform. This is a key reason why printer firmware updates so often.

Printer OEMs are well aware of these threats, and constantly patch security vulnerabilities that attackers and malicious users might try to exploit. Of course, a successful exploit means that malicious software becomes operational within the network-attached printer, which can wreak havoc on cybersecurity within a corporate LAN setting.

Which assets can be made accessible by printer vulnerabilities?

Business-class printers are often running a variant of Linux, which means they have many of the same vulnerabilities that you would find on any network attached Linux server. Many zero-day exploits that have been found in the Linux kernel could be found in these printers if they are left unpatched.

So, what is the primary motivation of attackers? It is usually to gain remote access behind the corporate firewall. Cybercriminals often use network-attached devices to discover more about the other devices connected to the network. If a device can be used to scan the network, it might be possible to find other vulnerable devices on the network. It may even be possible for the attacker to use the printer to mount the attacks on other network-attached devices. In this way, a printer becomes a staging area for malicious actors to attack and compromise other, more critical platforms within a corporate network.

That said, for some companies, the printer itself can be the target. Many business class printers have hard drives that are used to save jobs, templates and other necessary information needed for its use by the customer. This means that an immense amount of sensitive and confidential data is being stored on the printer. Extraction of this valuable, locally stored data on the printer is sometimes an attacker’s goal.

What can organizations do to make their printers secure?

First off, good “firmware hygiene” is essential. Multi-function network-attached printers are surprisingly sophisticated systems, and as a result have highly sophisticated embedded operating systems. Most of these printers have a webserver for providing device status and allowing configuration updates along with printer firmware updates. These devices are also expected to support a lot of different network protocols, such as SNTP, SNMP and the related printer-specific protocols.

As you might expect: the more complex the firmware in a device is, the more potential security vulnerabilities it may have. Printer OEMs are aware of the attack surface their products present, and they strive to maintain the highest grade of security within their embedded software. A policy for applying standard vendor-authentic updates and patches should be followed. Also, intrusion-detection software should be operational within a corporate LAN. This allows for monitoring of any non-standard, potentially malicious traffic – not just from the user’s personal devices, but from any network-attached appliance.

Can organizations count on printer manufacturers to secure their products? If not, why?

Yes, because printer OEMs take these threats and risks to their customers very seriously. The risk of “poor security” is a risk to corporate brands, which no business can afford to ignore. Businesses can count on their printer supplier to take notable steps to secure their products. For instance, a printer’s firmware images are cryptographically signed by the OEM, such that they can be verified for authenticity prior to becoming active within a printer.

Additionally, these printers are equipped with security-optimized “root-of-trust” security processors. These processors are tamper-resistant and operate separately from the more insecure application processor circuitry, allowing the critical verifications and computations to be performed more safely. Printer brands keep their exact root-of-trust, and “secure boot” solutions close to their chest to avoid cybercriminals from getting any advanced information.

What does a printer security solution have to have to give users peace of mind?

To give users peace of mind, a printer security solution typically has, or should have the highest grade of security within its embedded software. It should also be equipped with trustworthy and reliable hardware security. Additionally, within an organization, a policy for applying standard vendor-authentic updates and patches should be followed, and intrusion-detection software should be operational. This allows for monitoring of any potential threats.