My Printer Was Hacked?
Monday, March 26, 2007
Posted by: Sandra Kay Miller
While administrators concentrate on protecting servers, desktops, and networking equipment, there are other points of entry through which intruders can enter an IP network, both logically and physically. The time and effort it takes to plug these simple security holes will help avoid malicious attacks through vectors that are not obvious.
Organizations still have the mindset that printers, along with fax machines, copiers, scanners, and multifunction devices that house all four features, are simple devices meant for printing and transmitting copy. But today's versions are much more powerful, often including an operating system, an IP address, memory, large hard drives, Web browser, FTP, and Telnet services, so documents can be sent directly to the device.
In order to manage all these services, there is also an administrative account that is often overlooked during installation. Access can be gained to these devices using only a browser. Once inside, FTP and Telnet services can be configured, opening a gaping hole through the corporate firewall. Furthermore, using network utilities such as ping and nslookup, intruders can enumerate the internal network. Remember, the device is authenticated to the network.
Devices that support SNMP (Simple Network Management Protocol) provide unencrypted remote access once a user authenticates with a shared "community string," which is usually left at the default settings of "public" (for read access) and "private" (for write access). This means access can be gained by guessing the community string or sniffing it off the network, since it crosses the wire in clear text. With that string, an attacker has read or write access to the device's SNMP service and thus to the status or configuration of the printer.
While SNMP is turned on by default on most printers and community strings are often left at the defaults, many devices do not allow the strings to be changed or, worse, SNMP to be turned off completely. Some device manufacturers even go so far as to build undocumented (and highly insecure) backdoors into their products for remote vendor maintenance and updates. Open administrative accounts also expose the documents stored in memory or on the hard drive. Once an intruder has gained access, it's plausible that every document ever put through the machine could be downloaded.
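As an added example (not code from the article), here is a small Python decoder that pulls the community string out of a captured SNMPv1/v2c UDP payload and flags the factory defaults; it shows concretely why sniffing works, because the string sits in the packet in clear text. The packet bytes and source addresses are constructed for the example.

```python
# SNMPv1/v2c community-string decoder plus an audit pass that flags factory
# defaults. Added example (not the article's code); packets are hand-built.
DEFAULT_COMMUNITIES = {"public", "private"}
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}

def _tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_community(packet):
    """Return version, community and PDU type; SNMPv3 carries no community string."""
    tag, body, _ = _tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, ver, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    if version == 3:                        # v3 uses msgGlobalData/USM instead
        return {"version": version, "community": None, "pdu": None}
    tag, community, pos = _tlv(body, pos)   # the community string sits here in clear text
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag, _, _ = _tlv(body, pos)
    return {"version": version, "community": community.decode("latin-1"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}

def audit(packets):
    """Flag each (source, payload) pair that authenticates with a default community."""
    findings = []
    for src, pkt in packets:
        info = parse_snmp_community(pkt)
        if info["community"] in DEFAULT_COMMUNITIES:
            findings.append(f"{src}: SNMP{VERSION_NAMES[info['version']]} {info['pdu']} "
                            f"with default community '{info['community']}'")
    return findings

# Constructed payloads: a v1 GetRequest for sysDescr.0 with "public", a v2c
# SetRequest with "private", and a truncated v3 header (version field only).
SAMPLE_PACKETS = [
    ("10.0.0.5", bytes.fromhex("302902010004067075626c6963a01c020401020304020100020100300e300c06082b060102010101000500")),
    ("10.0.0.9", bytes.fromhex("302d020101040770726976617465a31f02040a0b0c0d0201000201003011300f06082b060102010101000403616263")),
    ("10.0.0.7", bytes.fromhex("3003020103")),
]
```

Running `audit(SAMPLE_PACKETS)` reports the first two sources and stays silent on the v3 message, which is the practical reason to move printers that support it to SNMPv3 with authentication.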
Recognizing the growing threat from peripheral devices, new solutions are emerging on the market that give organizations granular control over both ports and devices, including USB and parallel ports. Products such as DeviceLock (www.devicelock.com), SecureWave's Sanctuary Device Control (www.Processor.com/SecureWave), and ControlGuard's Endpoint Access Manager (www.Processor.com/ControlGuard) shadow all data sent to or received from the devices, along with detailed records of who connects to the device and when. This means administrators can fully audit usage and find out whether confidential documents are being copied, printed, scanned, or faxed, and by whom.
While a breach of the phone system may not expose data or interrupt network services, it can result in unwanted charges, sometimes running into tens of thousands of dollars. Hacking enterprise PABX (private automatic branch exchange) systems can be very lucrative. SecureLogix (www.securelogix.com), a Texas-based company that secures, optimizes, and manages enterprise PBX installations, estimates annual worldwide losses from PBX, PABX, and voicemail fraud at as much as $40 million. This figure is based on survey data from the Communications Fraud Control Association, which puts the total worldwide loss from all types of telecom fraud as high as $40 billion annually.
Hackers can gain access to PABX systems by exploiting a weak password or default settings. PABX security is often overlooked and poorly documented. Unused features, such as remote administration and call forwarding, are easy targets on PABX systems.
Likewise, voicemail systems are vulnerable. Many systems do not require users to change the default password and include features such as forwarding to an external number.
To prevent these types of security lapses, passwords and feature codes should be regularly changed and well documented. Call logs and change logs should be regularly monitored so that unusual activity can be spotted when it happens.
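As an added illustration of the call-log monitoring recommended above (not code from the article), the Python script below runs over a handful of constructed call-detail records and flags patterns consistent with the PABX and voicemail abuse the article describes: activation of call forwarding, off-hours international calls, and a burst of international calls from one extension. The CSV layout, the office hours, and the use of the NANP feature code *72 for call forwarding are assumptions of the example.

```python
from collections import defaultdict
from datetime import datetime
# Constructed call-detail records (not real logs). Fields: timestamp, extension,
# dialed number, duration in seconds, feature code used ("" when none).
SAMPLE_CDR = """\
2007-03-23T09:12:40,2231,5551234,120,
2007-03-23T18:05:10,2231,*72,2,*72
2007-03-24T02:17:05,2231,011441234567890,1840,
2007-03-24T02:49:31,2231,011441234567891,2210,
2007-03-24T03:10:12,2231,011441234567892,1975,
"""
BUSINESS_HOURS = range(7, 19)        # assumed office hours, 07:00-18:59 local time
INTL_PREFIXES = ("011", "00", "+")   # NANP "011" and ITU "00"/"+" international prefixes
FORWARD_CODE = "*72"                 # NANP call-forwarding activation code (assumed in use)

def parse_cdr(text):
    """Turn the CSV records into dicts with a real datetime for the timestamp."""
    rows = []
    for line in text.strip().splitlines():
        ts, ext, dialed, dur, feature = line.split(",")
        rows.append({"ts": datetime.fromisoformat(ts), "ext": ext, "dialed": dialed,
                     "duration": int(dur), "feature": feature})
    return rows

def is_international(number):
    return number.startswith(INTL_PREFIXES)

def off_hours(ts):
    """Weekends, or any hour outside BUSINESS_HOURS."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def find_anomalies(rows, burst=3, window_s=3600):
    """Return findings: forwarding activations, off-hours international calls,
    and any extension placing `burst` international calls within `window_s`."""
    findings, intl_times = [], defaultdict(list)
    for r in rows:
        if r["feature"] == FORWARD_CODE:
            findings.append(f"{r['ts']} ext {r['ext']}: call forwarding activated ({FORWARD_CODE})")
        if is_international(r["dialed"]):
            intl_times[r["ext"]].append(r["ts"])
            if off_hours(r["ts"]):
                findings.append(f"{r['ts']} ext {r['ext']}: off-hours international call "
                                f"to {r['dialed']} lasting {r['duration']}s")
    for ext, times in intl_times.items():
        times.sort()
        for i in range(len(times) - burst + 1):   # sliding window over sorted call times
            if (times[i + burst - 1] - times[i]).total_seconds() <= window_s:
                findings.append(f"ext {ext}: {burst} international calls within {window_s // 60} min from {times[i]}")
                break
    return findings
```

On the sample data the forwarding activation on Friday evening followed by a run of long international calls in the small hours of Saturday is exactly the sequence that should trigger a review of the extension and its voicemail settings.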
When buildings are initially wired, engineers install physical network jacks in convenient locations: lobbies, conference rooms, dining areas, utility closets, and even outdoor commons. Most networks use DHCP, which automatically assigns an IP address to a device as soon as it is plugged into the network. Once an intruder has access to the network, he can go hunting for devices with default administrative passwords or passively sniff packets for data passed in clear text.
Physical security of network ports should also be considered for office machine peripherals. It's quite simple for an attacker to unplug the network cable on a multifunction device and simply plug in a laptop.
The simple solution is to disable network connectivity to all unsecured, publicly accessible network jacks. When access is required, it's as simple as having authorized IT personnel plugging a cable back into a patch panel.
Paul D. Robertson, president of the FluidIT Group (www.fluiditgroup.com), a Washington, D.C.-based consultancy specializing in security and forensics, points out, "If your printers are accessible to an attacker, then you've got bigger problems." With more than 20 years of IT experience, Robertson notes, "Security takes discipline and hard boundaries. Most network managers aren't willing to or still don't have the power to make the hard choices over a user-base that's increasingly embracing technologies without a thought to security or the downstream issues."
Similar to computers, networked printers and other peripherals have vulnerabilities capable of exposing data, falling victim to DoS, and providing a gateway for attacks on other systems. Although many organizations provide extensive security measures for computers, they ignore printers and other peripherals. These vulnerabilities can be easily mitigated using simple procedures instead of extensive (and expensive) measures.
by Sandra Kay Miller
Reprinted with permission from Processor magazine, March 23, 2007, Vol. 29 Issue 12. For more information, call (800) 334-7445 or visit their web site at www.Processor.com for more articles like this or to subscribe.