Your Printer Might Be the Next Target On the Hacker's List
@kunal-jbK6WG
•
Oct 15, 2024
Oct 15, 2024
1.1K
Believe it or not, the computer criminals have found a way to extract important and confidential data from a device as simple as a printer. The printer which traditionally performed menial tasks of printing pages and scanning documents has evolved into a highly sophisticated machine which can send and receive e-mails. Some of them can even browse the web. Despite all these up gradations, the manufacturers have paid the least bit of attention towards the security aspect of these humble printers. Such inefficiently protected printers can be even made to work together as a single unit and this network can act as online storage for Cyber crooks!
![[IMG]](proxy.php?image=http%3A%2F%2Fwww.crazyengineers.com%2Fwp-content%2Fuploads%2F2011%2F01%2Fprinter.jpg&hash=8a7b3a819913ff92bfe0b04234d59842)
The ShmooCon hacking conference, which is scheduled this week in Washington D.C., will witness two presentations by two researchers demonstrating the vulnerability of printers and how easily they can be hacked to breach a company’s secure network. Deral Heiland, who is going to give one of these presentations, has previously worked as a “penetration tester”. A penetration tester is a guy whose job is to hack into a firm’s system under controlled conditions. "These devices have gone from being standard, simple printers that got on the network to the point where they are totally integrated in the business environment," Heiland was quoted by the <em>Technology Review</em> "And that heavy integration is what makes them a premium target."
At this year’s ShmooCon, Heiland is going to explain about a program called ‘Praeda’ which means ‘to plunder’ in Latin. This program mainly exploits the commonest of security loopholes such as default access codes to get entry into the printers while remaining outside the company’s network. Once the printers are infected, they can be controlled to hack the whole network. As soon as this tool gains access into the network, it becomes capable of robbing a lot many passwords giving it access to other machines and servers. According to Heiland, simple configuration settings play a major role in making printers susceptible to attacks because these passwords are not secret and can be easily found in manuals posted online. Printers that can be accessed through web run the risk of letting a knowledgeable attacker steal passwords.
The another presentation regarding this topic will be presented by researcher Ben Smith will demonstrate another program called “PrintFS”, that instantaneously gathers information about the vulnerable printers in a LAN via internet and transforms them into a storage unit.
So if your printer has got an IP address and is connected to your network, then you should be concerned about its security.
The ShmooCon hacking conference, which is scheduled this week in Washington D.C., will witness two presentations by two researchers demonstrating the vulnerability of printers and how easily they can be hacked to breach a company’s secure network. Deral Heiland, who is going to give one of these presentations, has previously worked as a “penetration tester”. A penetration tester is a guy whose job is to hack into a firm’s system under controlled conditions. "These devices have gone from being standard, simple printers that got on the network to the point where they are totally integrated in the business environment," Heiland was quoted by the <em>Technology Review</em> "And that heavy integration is what makes them a premium target."At this year’s ShmooCon, Heiland is going to explain about a program called ‘Praeda’ which means ‘to plunder’ in Latin. This program mainly exploits the commonest of security loopholes such as default access codes to get entry into the printers while remaining outside the company’s network. Once the printers are infected, they can be controlled to hack the whole network. As soon as this tool gains access into the network, it becomes capable of robbing a lot many passwords giving it access to other machines and servers. According to Heiland, simple configuration settings play a major role in making printers susceptible to attacks because these passwords are not secret and can be easily found in manuals posted online. Printers that can be accessed through web run the risk of letting a knowledgeable attacker steal passwords.
The another presentation regarding this topic will be presented by researcher Ben Smith will demonstrate another program called “PrintFS”, that instantaneously gathers information about the vulnerable printers in a LAN via internet and transforms them into a storage unit.
So if your printer has got an IP address and is connected to your network, then you should be concerned about its security.