Danger in Plain Sight - Chapter 2 - The Threat Landscape you didn't know existed
In part one of this series, we talked about how a printer is truly a P.C. in disguise. We looked at many of the commonalities between the two, including the fact that they share many of the same hardware components. In fact, the only difference between a printer and a P.C. is the fact that the printer can put toner on paper.
One of the most significant questions I addressed in part one was, "Would you ever put a computer on the network without antivirus?" In part 2 of this series, I want to expand upon this question further and look deeper into the threat landscape.
There is no “Anti-Virus” for printers
The malware threat for printers is far more profound than you may think. Let's assume for a moment that there was, in fact, anti-virus software available for printers much like a conventional P.C. Would you think to yourself, "Great, problem solved," and move on from the situation? If you did, you would only be addressing the surface of the issue. It's time we thought like a malware writer for a moment.
As a virus creator, I've just invested six months of time, energy, ingenuity, and brazen bravado developing a particularly nasty piece of code. This malware will do an excellent job of wreaking havoc and move me closer towards whatever goal I am working toward.
However, like most malware writers, I have a problem in the form of a mortal enemies. My enemies, in this case, are companies like Symantec, McAfee, and other anti-virus software companies. What took me six months to build could be wiped out in as little as two weeks or even two days. It's my deepest wish to escape this cat and mouse game and break the cycle. To do that I need to go where anti-virus can't go.
The threat to the Printer B.I.O.S.
The newest trend in viruses is to go into a deeper, more privileged area of the systems they infect. Areas in which conventional scanners can't see. For that, they have to go to the B.I.O.S. Malware that attacks the systems B.I.O.S are growing by the day. The reason is simple most A/V software only kicks in after the operating system or firmware is loaded and even then, only scans for malicious code on the hard drive. It doesn't search deep down into the motherboard. The underlying belief is if I can infect your B.I.O.S; I own your machine for the life of that machine.
That is the genuine threat when it comes to malware in today's print environments. Spyware can now be injected into your Printers B.I.O.S and send a copy of every document printed to a command and control server out on the internet that can be used in any number of ways.
Admittedly, while the B.I.O.S threat is relatively new, it would be a mistake to dismiss this very real and very much growing problem. With that said we have some other areas of your Printers which are vulnerable to attack.
The Threat to Printer Firmware
The firmware of your printers acts as its operating system. As with any operating system, the firmware is under constant attack. Without A/V solutions to protect it, the firmware is wide open and relatively easy to alter or simply overwrite. This can lead to the same type of threats as we saw when discussing the B.I.O.S only these are far easier to develop, execute, and deploy.
The USB Threats
Another threat to your Print fleet is the open U.S.B. ports. Not only can these vulnerable ports be used to transmit malware, but they can also be used as an instrument to carry out costly denial of service attacks.
The Output Tray
The output tray is yet another location which can seriously hurt your business. At least with this one, we don't have to worry about malware. The threat here comes from data leakage; this could result in the loss of private and sensitive information as well as lead to fines for violating regulatory laws on data privacy.
Why do the printer security settings seem to disappear?
Losing the security settings on your printer is also a common occurrence that could leave you open to attack. What happens here is all too frequent as well. A technician comes to your office to replace the main board on a malfunctioning printer. The tech successfully replaces the board with a new one and boxes up and leaves with the old one.
What else walked out with the technician? All of the security settings that were applied to that main board. Because everyone is so busy working on other fires it’s easy to say, "I'll get back to it later," and then completely forget about it. Thus, you’ve left that machine open and out of compliance with your policies.
In part three of this series, we are going to discuss the specific infections that are taking place when some of these threats are realized and how they are used to harm your environment.
About the Author
Bruce Rushton is a Solutions Architect and Printer Security Specialist with over 30 years’ experience in the I.T. space. For the last nine years he has been dedicated to providing Managed Print Solutions. At Total Print (TotalprintUSA.com) he helps companies across the United States by providing them with tailored, affordable, cost-cutting, Secure Printer, Copier, and MFP solutions. If you have questions about your print environment and /or the security of your devices, you can request a free consultation with Bruce at firstname.lastname@example.org