Printers as vulnerability
Poor security hygiene helps the bad guys in ways that you might not expect. Let's talk about one of the secret techniques sometimes used by hackers to host malicious code and evade detection.
The secret is that thousands of unprotected printer hard drives are lying exposed on the Internet. That's right, your office's big HP printer probably has many gigs of internal storage space, and, if you don't protect port 9100, you're basically handing an anonymous FTP server to the hacker community.
There are a few free, open source pieces of software that can be used to upload and interact with HP printer hard drives over port 9100. After uploading to a printer, the file can be accessed by visiting http:///hp/device/ with any web browser.
This opens up a world of possibilities. A hacker can host malicious web pages and scripts on your printer and link it to potential victims. Maybe he needs to host an executable somewhere so it can later be served through a wget request. These printers are wonderful repositories. It doesn't take much creativity to realize that even highly illegal materials could be stored this way.
After all, this kind of printer is usually powered up and online twenty-four hours a day. Even in sleep mode it will still host files. And who checks the contents of their printer's hard drive? What are the odds of this hacker's secret stash ever being discovered? Pretty low if you ask me.
Then you also have to consider that any organization leaving its printers exposed to the internet probably doesn't have the greatest, if any, logging system in place. The chances of being caught are extremely low for the malicious actor.
Naturally, you may be wondering why I am highlighting this problem. Won't it just help amateur hackers elevate their game? Disclosing vulnerabilities will always be a double-edged blade. Sure, some people will take advantage of the information, but it's my sincere belief that anyone seeking tips on how to protect themselves should also be made aware.
So, if you're concerned about security, put your printers behind a firewall and, if it's a Hewlett-Packard, make sure port 9100 isn't open.
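One way to verify that advice across your own printer fleet, as an added example that is not part of the original article or any Kromtech tool: the script tries a TCP connection to port 9100 on each printer in an inventory you own and ranks the result by whether the address is publicly routable. The function names, printer names and addresses are assumptions made up for illustration.

```python
import ipaddress
import socket

RAW_PRINT_PORT = 9100  # the port the article says must not be exposed


def port_accepts_connections(host, port=RAW_PRINT_PORT, timeout=2.0):
    """Return True if a TCP connection to host:port completes from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, filtered
        return False


def classify(address, reachable):
    """Turn an address and a reachability result into a finding for the report."""
    public = ipaddress.ip_address(address).is_global
    if reachable and public:
        return "EXPOSED: public address and port open"
    if reachable:
        return "open from this network: confirm the perimeter firewall blocks it"
    if public:
        return "public address, port closed or filtered from here"
    return "ok"


def audit_printers(inventory, port=RAW_PRINT_PORT, timeout=2.0):
    """Check every (name, address) pair in your own inventory; return report rows."""
    rows = []
    for name, address in inventory:
        reachable = port_accepts_connections(address, port, timeout)
        rows.append((name, address, classify(address, reachable)))
    return rows


if __name__ == "__main__":
    # Constructed inventory: replace with the asset list of printers you manage.
    inventory = [("floor2-laserjet", "192.0.2.10"), ("lobby-mfp", "10.20.0.15")]
    for row in audit_printers(inventory, timeout=1.0):
        print("%-16s %-15s %s" % row)
```

Run it once from inside the office network and once from a host outside the firewall; only the outside run tells you whether the port is reachable from the Internet.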
Attention - Portions of this article may be used for publication if properly referenced and credit is given to Kromtech Security Center.
Do you have security tips or suggestions? Contact: firstname.lastname@example.org