Hackers Eye Printers for Penetration

Wednesday, February 2, 2011 @ 06:02 PM gHale

The office printer could now be the weapon of choice for computer criminals.

In two separate presentations at the Shmoocon hacking conference in Washington, D.C. early this week, researchers showed how hackers can use printers to compromise a company’s computer network. One presentation showed how you can group poorly secured printers together to act as online storage for cybercriminals.

Over the past decade, ordinary office devices have gained surprising new functionality. Today, some printers can send and receive emails, and even browse the Web. Deral Heiland, an independent security consultant who gave one of the presentations, said manufacturers haven’t given security nearly the attention it deserves in light of all the new features.

Heiland, who works as a “penetration tester,” or someone who attempts to hack into a company’s network under controlled circumstances, wanted to look for printer flaws and configuration issues.

At Shmoocon, Heiland talked about a program called “Praeda” (Latin for plunder) that uses a collection of common security flaws and configuration issues, like default passwords, to gain access to printers from outside a company’s network. Vulnerable printers can then be used to compromise the network. Once the tool gets inside the network, it can steal passwords and files, giving it even more access to servers and other devices.

Heiland said simple configuration issues often make printers vulnerable in this way. For example, manufacturers do not force users to set a new password to access their device. That means many printers have default passwords you can easily find in manuals posted online. In addition, printers you can access via a Web browser often run insecure Web server software, allowing a knowledgeable attacker to find usernames and passwords.

Security issues with one brand of printer allowed another independent researcher, Ben Smith, to use the storage space on the devices to create a distributed cloud for storing files. Smith presented a program called Print File System, or PrintFS, that automatically finds vulnerable printers via the Internet or in an internal network and turns them into a distributed storage network. Hackers could use the storage space for malicious programs or other material. Smith found that scanning the Internet for the communication ports used by printers turned up more than enough devices to create a large storage network.
