Posts

Blackhat Hackers Love Office Printers

The term, or in this case the word “blackhat” in tech generally refers to a criminal hacker. The opposite of black is white and a “whitehat” is a security professional. These terms originate from the “spaghetti western” movies when the bad guy cowboy wore a black hat and the law wore white hats. Fun huh?! Blackhat is also the name of the largest conference on the planet for information security. The conference itself is 20 years old and as Alex Stamos who is the CSO for Facebook and also Blackhat 2017’s keynote speaker said “Blackhat isn’t even old enough to drink” That statement reflects just how far we’ve come in information security and also how much more there is to do.

One of the presentations at Blackhat discussed printer security called “Staying One Step Ahead of Evolving Threats” by Michael Howard Chief Security Advisor of HP and painfully demonstrated just how much more there is to do.

Do you ever feel as if your office printer is dangerous? Most of us don’t. In fact, more than half of businesses don’t even bother adding printers to their security strategies. Mr Howard stated only 18% of IT security managers are concerned about printer security where as 90% are concerned about PC’s. That stat is one reason why ?92% of Forbes Global 2000 companies experienced a breach in 2016 which in part resulted in 4 billion records breached worldwide.

Hackers know this, so office printers are the perfect target for them. Remember, printers are connected to the network, and if unprotected, they are easily hacked. According to the Ponemon Institute, 60% of data breaches reported by companies involve printers. So, why do hackers love printers? Here are a bunch of reasons:

Networks are Vulnerable

Even if you have a firewall, there are several devices that might be on a network that are access points to that network. When you don’t add your printer to your security plan, it becomes a welcome access point to hackers. Once they get in, the consequences could be terrible for a business.

Hackers Can Get Useful Data

The data that hackers can get from printers that are not protected is unencrypted. If one of your staff members sends sensitive information to the printer, yet it is unencrypted, the hackers can read it. Mr Howard shared how one universitys unsecured printers led to students hacking tests days before they were taken, giving the students a significant advantage. Do you really want your company’s data to be open like that? All hackers have to do is take it if the printer isn’t protected.

They Know They Can Access Other Devices

Hackers also love office printers because they know that once they are in, they can access other unprotected endpoints on the network. Mobile devices are an excellent example of this. It is quite challenging to secure access to all of these devices. The more devices that are connected to the network, the easier it is to access it.

Information Leaks

How many times have you printed something at the office and let it sit in the tray for a while? This happens often. Hackers know this, too, and they can essentially print anything once they have access to the printer and retrieve it at any time. This easily opens up the business to compliance issues.

Finally, hackers love office printers because they get inside access. ?Once the printer is compromised, so is the rest of the network.

  • Change the printers default passwords.
  • All computing devices including printers need encryption.
  • Printer hard drives have lots of data. Destroy hard drives prior to recycling or reselling.
  • Printer firmware and software needs to be regularly patched and updated.
  • Use “fleet management” tools to ensure all of the companies devices are protected.

When businesses implement security policies and procedures that directly address endpoints, including printers, they significantly reduce risk and maintain proper network and data security compliance.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Before Getting Rid of Your Old Printer, Say “Goodbye” to Lingering Data

In the security business, there’s a lot of talk about protecting your smartphones and computers from malware and viruses, as well as loss and theft. It makes sense. Most of us use our smartphones and computers on a daily basis and keep important information on them like passwords, user names, and credit card numbers. But there are other devices that hold sensitive data that we don’t really talk about. For example, printers.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776Some printers have internal hard drives or flash memory that store documents that have been scanned. This means that images of your pay stub, medical records, credit card statements, or any other sensitive documents you once scanned are stored in the printer’s memory and therefore retrievable by someone who knows where to look for it.

Because these hard drives are usually hard to find, they are usually not removed before a printer is resold or recycled. That can be bad news for you if your printer gets into the wrong hands.

If your printer is nearing the end or you are upgrading to a new printer, make sure you delete that important data off your old printer.

How do you get rid of your printer’s data? There are multiple ways.

  • Unplug your printer for a while. This will delete data if there’s no local storage. Check your printer’s  user guide to see how long to leave your printer unplugged until the data is removed.
  • Clear the direct email function. If your printer has this feature, make sure to delete your password before getting rid of the printer.
  • Wipe the disk drive. If your printer has a disk drive feature, use the wipe disk to make sure your data is not accessible by others.
  • Destroy the hard drive. If you decide to trash a printer rather than reselling it, take it apart and find the hard drive. Remove it and hammer it. But remember, safety first. Make sure you wear those safety glasses.

Follow these tips and sell or recycle your printer with peace of mind, knowing that nobody will be able to retrieve your personal information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.