Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

The importance of security for UK office printers

Written by  Apr 10, 2020

When it comes to digital security, we tend not to think about printers as they are often seen as dumb devices with a few basic functions. However, a recent study found 61 per cent of businesses admitting they had had a security breach through insecure printing.

Printer hacks

The problem exploded into the public eye in November 2018, when around 50,000 printers around the world, in offices and homes, began printing out a message without prompting. The message read:

‘ATTENTION! PewDiePie is in trouble and he needs your help to defeat T-Series! WHAT IS GOING ON — PewDiePie, the currently most subscribed to channel on YouTube, is at stake of losing his position as the number one position by an Indian company called T-Series, that simply uploads videos of Bollywood trailers and songs. WHAT TO DO — 1. Unsubscribe from T-Series 2. Subscribe to PewDiePie 3. Share awareness to this issue #SavePewDiePie 4. Tell everyone you know. Seriously. 5. BROFIST!’

Before the dust could settle on how exactly this had happened, the hacker struck again in December 2018, with another message calling on people to subscribe to the YouTube channel. But this time, the hacker added an additional point:

‘Fix your printer. It can be abused!’

The hacker spoke anonymously to the BBC, stating that the damage could potentially go beyond simple irritation at unsolicited print-outs. He stated that by hacking printers, people could break the devices remotely, capture sensitive data as it is sent to the printer, or even modify what is on a document to be printed.

I know this was a few years ago now but it illustrates that printers can really be vulnerable to hackers if let unpatched.

The hackers were able to access devices through open security ports in people’s home or office networks. These open ports make certain information public, including what Wi-Fi network a device is connected to, which Bluetooth devices have been connected to the device, and much more. The hackers have the capacity to do a wide range of actions from here, including playing videos and music through the device, reset the device, or force it to connect to a Wi-Fi or Bluetooth device of their choosing.

How to protect your devices

There are a number of ways to protect your printers. In particular, we need to consider routers; routers allow connections to and from nearly all of your devices. This convenience, however, comes with a risk — that someone else will come in through the digital doors your router opens for your devices! Nowadays this includes printers, TVs, and more. IT Departments need to find software patches that are supplied by printer manufacturers on their websites, these will secure your printers that may be vulnerable due to hackers finding loopholes in the software. The latest drivers and software updates are available if you find you have older versions installed it would be wise to run the updates.

Advertisement


Folder Lock - Data Security & Encryption [Download]
£12.79amazon uk


UPnP

The crux of this particular hacking problem comes from Universal Plug and Play features, or UPnP. UPnP is a feature on many routers, and it is designed to automatically forward a port on your router. A port is simply a number. Forwarding a port allows external devices (such as a computer) to connect with other services on the same network. In essence, UPnP allows communication between networked devices without any authentication.

So, in the simplest terms, when an external device wants to connect to your network, it sends a network connection request with a port number attached. Your router receives this request, and from the port number, determines where it needs to connect. If a connection request has a port number 80, for example, your router will look to see where port number 80 requests should go as part of its authentication. If port number 80 isn’t open on its network, it will send the request back (no connection). If port number 80 has been opened and given an IP address to send requests to, your router will connect the request accordingly.

UPnP automatically ‘opens up a port’ for incoming request for you in order to let everything on your local network connect with each other seamlessly. This is a problem if a hacker makes a request to your router with a port number you haven’t manually opened for connection by any of your devices, because UPnP will open it automatically. It’s useful for having everything in your home or office connected with each other, but hackers can make use of these freely open ports.

Crucially, UPnP assumes everything on your local network is trustworthy. So, if you accidentally download malware onto your device, that malware is sitting on your local network. If it makes a request to forward a port, i.e. allow an external device to connect to your network, UPnP will allow it.

Disabling UPnP on your router can help protect against these types of hack, at the cost of some convenience — you would have to manually forward ports to allow connections on your network.

Encryption and security programs

Whether it’s a home or business computer, it is certainly worth investigating the security features your printer’s manufacturer supplies. For example, with a Toshiba printer, you can make use of Toshiba SecureMFP to protect business data and secure documents in transit.

An even simpler measure, of course, is to ensure your printer and devices’ software are updated regularly. Most manufacturers have a software and drivers page that you can access online, and this will guide you through updating the software on a given device. In the same way, manufacturers such as HP have dedicated security pages to advice on the minimum security settings for products that are connected to the internet.

For businesses, it is certainly worth discussing with your managed print solutions provider regarding security measures on a wider scale. You can of course make use of the tips above, but depending on the size of your company, a third party company could be the more efficient option.

Be sure to investigate your internet-facing devices to ensure their security features are working as they should in order to avoid potentially costly damages later.


Do you find this article useful? Comment below or follow us on
Facebook, Twitter or LinkedIn.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular News

May 06, 2020 IT Security News

Popular VPNs Exposed Users to Attacks

Researchers analysed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that...

May 19, 2020 IT Security News

EasyJet data breach: Over 9 million customers affected

The personal data of over 9 million EasyJet customers has been infiltrated by hackers, including over 2,000 users' credi...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Mar 27, 2020 Cyber Security

Hospitals worldwide offered free security software

As cyberattacks against hospitals surge during the coronavirus crisis, technology companies are stepping up to alleviate...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 11, 2020 Cloud Security News

Tips to help secure your cloud data in the UK

In this digital age, it’s not a great idea to trust someone with your sensitive data. ...

Apr 01, 2020 IT Security News

Online privacy is all but gone, say Brits

Nearly 80% of UK consumers believe they have lost any real control over how their personal data is collected and used by...

Apr 10, 2020 IT Security News

The importance of security for UK office printers

When it comes to digital security, we tend not to think about printers as they are often seen as dumb devices with a few...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 14, 2020 IT Security News

Windows 10 is getting DNS over HTTPS (DoH) support

DNS is one of the last protocols that still runs unencrypted on the Internet. ...

Apr 11, 2020 IT Security News

Tips for testing an IT security experts worth in the UK

There is no shortage of people presenting themselves as security experts. Some of them truly are, the others may or may ...

May 20, 2020 IT Security News

To VPN or not to VPN for business users

It’s a question many organisations are asking as they work to provide secure and reliable remote access at scale. ...

Apr 07, 2020 IT Security News

Eighty per cent of exposed Exchange servers remain unpatched

Over 350,000 Microsoft Exchange servers have not been patched against the CVE-2020-0688 post-auth remote code execution ...

Apr 22, 2020 IT Security News

Kaspersky shares 10 security and privacy tips when using Zoom

The recommendations from Kaspersky come following recent concerns regarding Zoom's security and privacy. ...

Apr 17, 2020 Cyber Security

SonicWall launches boundless cyber security platform

SonicWall has released a new boundless cyber security platform to protect companies and government agencies remote workf...

Advertisement
Symantec Home 120x60

Advertisement