Printjack, attacks against printers
Keep in mind that printers are devices that can be connected to the network. Whenever we have connected equipment, whether by cable or Wi-Fi, we must take precautions and maximize security. This will prevent intruders, damage to other devices, or even malfunction.
These so-called Printjack attacks can cause a printer to be recruited into a botnet and used to carry out DDoS attacks. This could happen if we have a printer with a vulnerability that has not been corrected. Compared with other IoT devices that we have at home, such as a television, video player or any other similar device, printers tend to receive fewer updates, or users do not install them on time.
This group of Italian security researchers warns that printers are in many more places than we can imagine. Not only in domestic environments, but in companies of all kinds and in public places such as libraries, universities, etc. Hackers have a wide range of options to launch their attacks.
They scanned for printers with a publicly reachable TCP port 9100. The scan found tens of thousands of exposed printers. It is the default port for this type of device, although it can also be used for other purposes.
One of the main attacks, as we have mentioned, is the DDoS. The printer becomes part of a botnet and can launch attacks against other devices. They mentioned the vulnerability CVE-2014-3741, but they say that there are many more that can also be exploited for this type of attack.
A printer that is part of a botnet can experience significant problems. It may stop working outright, or suffer overheating, higher power consumption or printing failures. All of this can lead to faster deterioration.
Another type of attack is what they have called “Paper DoS attack”. It basically consists of constantly sending documents until the victim's printer runs out of paper. Although less serious than the previous attack, it can cause stoppages in a business.
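One way to spot the “Paper DoS” pattern and unexpected clients on the raw printing port, as an added example that is not part of the original article or the researchers' work. The log format, addresses, allowed subnet and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample connection log (not real data), one line per connection:
# "<ISO timestamp> <source IP> <printer IP> <destination port>"
SAMPLE_LOG = "\n".join([
    "2024-05-06T09:00:00 10.0.5.21 10.0.9.10 9100",
    "2024-05-06T09:01:00 10.0.5.21 10.0.9.10 631",    # other service, ignored
    "2024-05-06T09:02:00 203.0.113.9 10.0.9.10 9100",  # outside the office LAN
    "2024-05-06T09:04:00 10.0.5.21 10.0.9.10 9100",
    "truncated line",                                  # malformed, ignored
    "2024-05-06T09:10:00 10.0.5.21 10.0.9.10 9100",
] + [f"2024-05-06T09:05:{s:02d} 10.0.5.77 10.0.9.10 9100"  # 7 jobs in 30 s
     for s in range(0, 35, 5)])

def parse(log):
    """Yield (timestamp, source, printer) for connections to TCP 9100 only."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "9100":
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def find_alerts(log, allowed="10.0.5.0/24", max_jobs=5, window_s=60):
    """Return sorted (kind, source, printer) alerts.

    unexpected-source: a client outside the allowed subnet reached port 9100.
    job-flood: more than max_jobs connections from one client to one printer
               within window_s seconds (the Paper DoS pattern).
    """
    allowed_net = ip_network(allowed)
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (source, printer) -> timestamps in window
    alerts = set()
    for ts, src, printer in sorted(parse(log)):
        if ip_address(src) not in allowed_net:
            alerts.add(("unexpected-source", src, printer))
        q = recent[(src, printer)]
        q.append(ts)
        while ts - q[0] > window:  # drop connections older than the window
            q.popleft()
        if len(q) > max_jobs:
            alerts.add(("job-flood", src, printer))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

The same counting works on print-server job logs or firewall flow records once they are mapped to the four fields above.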
The third of the Printjack attacks has to do with privacy. A cybercriminal could carry out a Man in the Middle attack and collect the information to be printed, for example by reading the documents. The attacker could see all the plaintext data being sent.
For this test they used Ettercap to get between the sender and the printer, and then used Wireshark to capture a PDF file sent for printing.
So what can we do to be protected and avoid all these attacks? Without a doubt the most important thing is to keep the printer up to date. We must always install the latest versions and any security patches that may be released. Only then will we be properly protected.
We must also make good use of equipment, not just the printer. We must protect the network to which it is connected, as well as the rest of the devices. A good antivirus, for example, can be very useful in keeping our computers from becoming the gateway to the printers.