Beware: Your Network Printer Can Be Hacked

By David Strom

The Strominator doesn't want you to live in fear, but this security hacking issue could wreak havoc in your network.

I am not sure I should be telling you this, but your network is a sitting duck for a break-in that is both so elegant and potentially
All you need is your Web browser and some basic knowledge, and while I
put a few things together in this column, it didn’t take me more than
a few minutes of research to do it. This exploit can easily pass through
your firewalls. It can get around your most sophisticated intrusion
prevention systems, and once someone is inside your network, they can
operate in full view of everyone, avoiding the scrutiny of even the
savviest network administrator.
How so, you might ask? Go to Google and type (or copy and paste) in the following text in the search field, and you’ll see an example of what I am talking
What is going on here? Simple.

Your print servers (among other devices that are connected to your network) have built-in Web and other servers that can be used to launch an attack on your network. Many of these print servers have been long forgotten about by anyone in IT. They operate from a position of trust inside your network. They have to; otherwise, no one would get anything printed out.

And if you click on any of the retrieved pages in our search above, you will be
transported instantly to print servers that are sitting ducks for
hackers to take over. I managed to connect to ones in China and Germany,
and saw that some needed toner or paper, for example.
Yes, it will take a bit more work to install some rogue application, and
yes, just Googling them isn’t really an exploit. But you should have
felt a chill up your back as I did when I first started thinking about
this situation.
And print servers aren’t the only sitting ducks, just the easiest to
explain. How many other IP-connected devices are running on your network
that have been long since installed and forgotten about? Web cameras?
Industrial equipment? Fax servers? Scanners? These last two could be
even more trouble because they come with phone lines to the outside
world that a hacker could use for further exploits.
As the number of these networked devices increases, the situation is
only going to get worse. So what can you do to stop these sorts of

First off, take the time to locate all these forgotten
servers. Do a regular scan of what active IPs are out on your network,
and see if you can associate all of them with known users. Start doing
the research on the unrecognized IP addresses.
Second, scan for traffic on port 9100. This is often the port used by
print servers, and it is an easy way to track down the servers that you
have forgotten. Finally, take some time to read through this
documentation from HP (if you have HP servers) or something similar from
your vendor:
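The first two steps above (inventorying active IPs and checking port 9100) can be combined in one short audit script for your own subnet. This is an added example, not part of the original column; the function names, the sample subnet and the inventory entries are constructed assumptions to be replaced with your own asset list.

```python
import ipaddress
import socket

RAW_PRINT_PORT = 9100  # port the article names as commonly used by print servers


def port_open(host, port=RAW_PRINT_PORT, timeout=0.5):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def audit_subnet(cidr, inventory, port=RAW_PRINT_PORT, probe=port_open):
    """Split hosts in `cidr` that listen on `port` into known and unknown.

    `inventory` maps IP address -> owner/asset note (hypothetical format).
    `probe` is injectable so the matching logic can be checked offline.
    """
    known, unknown = {}, []
    for ip in ipaddress.ip_network(cidr).hosts():
        addr = str(ip)
        if not probe(addr, port):
            continue
        if addr in inventory:
            known[addr] = inventory[addr]
        else:
            unknown.append(addr)  # listening, but nobody claims it
    return known, unknown


if __name__ == "__main__":
    # Constructed sample values: substitute your own subnet and asset list.
    inventory = {"192.0.2.10": "2nd floor laser printer, facilities"}
    known, unknown = audit_subnet("192.0.2.0/28", inventory)
    for addr, owner in known.items():
        print(f"known    {addr}  {owner}")
    for addr in unknown:
        print(f"UNKNOWN  {addr}  listening on {RAW_PRINT_PORT}, no owner on record")
```

Run it on a schedule and treat every UNKNOWN line as a device to identify, assign an owner to, or take off the network.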

Do you have additional comments on this? I would love to hear from
you. Please post your suggestions, and I will share them.

This article was originally published on 2008-06-02