Forum

The printers I normally use for the company I used to work for were never wireless capable. Since we were bought out a few months ago, I noticed them slipping in a few of the HP Laserjet pro m401dw printers that are wireless capable.

A couple of these were installed in a remote office before I even payed any attention that we had wireless printers there.

My question is this, what are the vulnerabilities of wireless printers? They are not being run wireless, they are cabled as of now. They are probably on the default config, wireless on and open.

How can a hacker use a printer like this to get in the network, or can they? Is this a major hole we must watch out for?

any help would be much appreciated!

I don't know these particular printers, but I would doubt you could hack into the network it is attached to.   However:

It might be possible to send (Forge) a document to the printer that looks like it came from a valid internal user.   Not good if used for receipts, etc.

Another possibility would be for someone to view the printers status screen, and gain some information about the network - IP addresses, user/job names, etc.   In the past there have been remotely hacked LAN printers divulging recent scans & documents.

A manuafacturer's, HP in this case, debug mode might give a hacker access they shouldn't have - excellent for a DoS attack against the printer(s).

So, I would make sure you disable the radios, if you're not using them wirelessly.   And make sure all operator passwords are changed from the defaults - you might have an internal user naively set it up for wireless with no malicious intent.

If you should discover any wireless security problems, please let us know - after you've fixed them of course.

Neal,

I'm with Howard.  I think your best bet is to remote into each printer and disable Wi-Fi completely.  Hard code the IP (static IP) and use an Ethernet cable for connectivity.  Plus, do all the default printer password changes mentioned for additional security.

Personally, I do not know of any enterprise-class printers that use Wi-Fi (OK, someone might know of some, but I do not...).  It really makes sense (security wise) to disable Wi-Fi and use Ethernet only on networked printers.  (At my work, if someone absolutely "needs' a wireless printer, we set them up individually with Bluetooth.)

Let us know if you run into any other issues.

Well I disabled the wireless in the printers, I am curious though what vulnerabilities can be exploited that way.

Gcate these printers are for small branch offices, normally no more than 10 users at each. Rather small but normally very dependable and able to print large amounts pretty well.

Several manufacturers produce enterprise class wireless printers.    Many of these are used in truly mobile applications in warehouses, which was one of the first applications for them.

Walmart, Avis, and many others use them extensively.

There are even wireless card Printers, which have almost the same throughput as those connected through Ethernet.    It's not that tough when you consider that most of the delays are mechanical, rather than communication, delays.

For me, the biggest issue is the wireless use of it!  Someone could connect from outside the building, and send large print jobs to it, to maliciously use up all the consumables (paper, ink/toner, imaging roller/fuser life), which could easily get into several $100s.  If done over night, and nobody would know till it ran out of something when they came in next morning.  Since they are connected directly to the printer, there would be no restrictions on what is printed (leave it to your imagination on what that could be).

Another, is they could turn off the LAN, or change the settings on it to prevent use.  If they set the IP to the default gateway, it could knock out the entire subnet, as the traffic would be unable to find the right gateway.

Not very likely if the WLAN is using good security.   Surely this is not any more exposure than the rest of the wireless network under such controls.

In the case of hand held printers, most are powered off at night, with their batteries being re-charged.   So the danger of loss of materials is not that great.

NIST has released a draft document covering security for networked printers, copiers, and scanners.

http://csrc.nist.gov/publications/drafts/nistir-8023/nistir_8023_draft.pdf

I'm dealing with this in my company as of right now.  We've established a policy that any wireless capable printer should have the wireless card actively disabled, but adherence and enforcement of that policy is questionable at best.  To combat it, I simply mark the SSIDs they broadcast as malicious rogues and my Cisco infrastructure makes sure nobody can get to them.

The main problem is not necessarily making it onto the printer's 'hotspot' network and then directly gaining access to the network.  The problem is by getting connected to that 'hotspot', you can discover the IP of the printer which then most of the time will allow you to poke around the configuration settings.  From there, you have the IP, you can get the ethernet MAC, subnet gateway etc.

It's very easy to spoof a MAC address and whether DHCP or statically assigning the IP, you would have to physically be in the building and disconnect the printer and connect your machine instead.  You'd think that would raise some flags, but in a larger company/building with frequent printer/copier servicing, it goes virtually unnoticed.

We've been deploying Cisco ISE as our NAC solution for a while and locking down printers is the next item on the list.  Unfortunately we had a third party pen-test done and it exposed them for the gaping hole in the fence that they are.

Depending on the brand of the printer, and your access to the manufacturer ( their VAR, distributor, etc) you may be able to get a custom firmware release, or more likely the VAR will know of "hidden commands" that can disable Wi-Fi Direct, AdHoc, or Hotspot functionality.

Older Zebra Printers supported AdHoc mode, but the new ones don't, and none ever supported Wi-Fi Direct.    They are improving their security features all the time.   They make both receipt/label and Card printers, but no LASER printers.

Besides the security vulnerabilities, the unwanted beacons in wi-Fi Direct cut down on available channel throughput.