Multifunction Printer Security

By Kristin Thomas on October 4, 2024

Executive Summary

Multifunction printers (MFPs) provide immense value to enterprises because of the administrative support they provide. Cyber attackers can exploit these machines through their networking, facsimile and printing functions. Mitigations include discontinuing the use of the Common Unix Printing System (CUPS), maintaining device updates, safeguarding MFP IP addresses, implementing access controls, and using network segmentation and storage data encryption. If these devices are not secured, attackers can gain remote access to networks, servers, individual computers and data, resulting in asset loss from denial of service, productivity loss, theft and compliance violations. Best practices include adding MFP considerations to risk management strategies and incident response plans.

Background

Because multifunction printers (MFPs) support facsimile, email, network connection and printing protocols, these machines are especially susceptible to exploits [1]. Physical and web-based management consoles can fall prey to phishing or default password attacks [3]. Since the management console controls MFP settings and data, a successful attack could grant access to any stored data or render the machine unusable.

In 2018, researchers showed how a fax machine on a phone line could serve as a point of entry into a network, allowing an attacker to spread malware and remotely control a connected computer [2]. Although patches have been used in industry to address this, older devices that are missing these updates are still at risk. Computers that share a network connection with these devices are at risk of being infiltrated as well.

MFPs can also be exploited through their printing functionality. Due to a vulnerability in the Common Unix Printing System, or CUPS, attackers can send remote print jobs that contain malicious code to the MFP in order to gain access to connected network computers [6]. Once the code executes, a remote shell is sent to the attacker that can be used to gain control of the machine that sent the print request. Threat actors can also access data stored on the MFP; if that data is unencrypted, its confidentiality can be breached, allowing attackers to view or exfiltrate stored print jobs [5].

Traditionally, printers have used the Internet Printing Protocol (IPP) to increase printing options such as remote printing, sharing printers within and between networks, and print job encryption [4]. This protocol is popular because it makes configuration and operation convenient, allowing users to see machine settings, queue and status. The same convenience that lets authorized users connect to these machines also gives attackers a path to unauthorized access. Attackers can gain access by exploiting vulnerabilities in the IPP and Server Message Block (SMB) protocols. If successful, they can perform remote shell and code execution attacks on MFPs and connected computers.

Impact

MFPs are common office machines and are often highly enmeshed in daily business operations. Any loss of functionality can greatly impact productivity. Because attackers can use MFPs as network entry points, both the MFP itself and any connected device can be impacted. Data breaches can result in additional financial and legal consequences. If risk management strategies do not include MFP device security, asset loss can extend beyond the printers and can include network denial of service, ransomware and compliance violations.

Mitigation

In addition to basic practices such as maintaining device updates and using antimalware software, further steps can be taken to secure these devices. One of the most important mitigations is restricting access to enterprise MFPs both internally and externally. Connections between these machines and other network devices can be limited through firewalls. In addition to blocking non-enterprise connections, placing these devices only on secure, segmented networks can mitigate malware spread between an MFP and connected devices. With these practices in place, damage can be contained in the event of an intrusion.

Additionally, discontinuing the use of default passwords, CUPS and other unused services, and blocking external traffic to the MFP can prevent attackers from sending malicious print jobs to the printer. Blocking or restricting the use of other common printing protocol ports can also be effective. If an attack is coming from inside the network, antimalware software can be used to block it. Encrypting device storage drives can protect data confidentiality.
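The firewall and port restrictions described in the two paragraphs above can be checked against a rule set before it is deployed. The following is an added example, not part of the original article: it evaluates an ordered first-match rule list and reports every source network outside the trusted print-client segment that can still reach an MFP on a printing port. The addresses, rules, rule format and function names are constructed for illustration, and the port numbers are the standard assignments rather than values from the article.

```python
import ipaddress as ip
# Standard printing-related ports (well-known assignments, not from the article).
PRINT_PORTS = {("tcp", 631): "IPP/CUPS", ("udp", 631): "cups-browsed",
               ("tcp", 515): "LPD", ("tcp", 9100): "raw/JetDirect",
               ("tcp", 445): "SMB"}

# Constructed sample data (IPv4 only). Rules are evaluated first-match:
# (action, source CIDR, destination CIDR, protocol, port); None = any port.
MFPS, TRUSTED = ["10.20.30.11", "10.20.30.12"], "10.20.0.0/16"
RULES = [
    ("allow", "10.20.0.0/16", "10.20.30.0/24", "tcp", 631),
    ("allow", "0.0.0.0/0", "10.20.30.12/32", "tcp", 9100),  # too broad
    ("allow", "10.0.0.0/8", "10.20.30.0/24", "udp", 631),   # too broad
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]

def matches(rule, dst, proto, port):
    _, _, rdst, rproto, rport = rule
    return (ip.ip_address(dst) in ip.ip_network(rdst)
            and rproto in (proto, "any") and rport in (port, None))

def allowed_sources(rules, dst, proto, port):
    """Source networks that first-match evaluation lets reach dst on proto/port."""
    undecided, allowed = [ip.ip_network("0.0.0.0/0")], []
    for rule in rules:
        if not matches(rule, dst, proto, port):
            continue
        src, rest = ip.ip_network(rule[1]), []
        for net in undecided:
            if net.subnet_of(src):       # whole block is decided by this rule
                hit = [net]
            elif src.subnet_of(net):     # rule carves its source out of the block
                hit, rest = [src], rest + list(net.address_exclude(src))
            else:                        # disjoint: later rules decide
                hit, rest = [], rest + [net]
            if rule[0] == "allow":
                allowed += hit
        undecided = rest
    return allowed  # whatever stays undecided falls to an implicit deny

def audit(rules, mfps, trusted):
    """List (MFP, service, source network) for access from outside `trusted`."""
    trusted = ip.ip_network(trusted)
    return [(dst, name, str(net)) for dst in mfps
            for (proto, port), name in PRINT_PORTS.items()
            for net in allowed_sources(rules, dst, proto, port)
            if not net.subnet_of(trusted)]

if __name__ == "__main__":
    print(*audit(RULES, MFPS, TRUSTED), sep="\n")
```

Because sources are split with `address_exclude`, an earlier deny rule correctly shadows a later broad allow instead of being reported as exposure.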

MFP security should be included in risk management strategies. Access passwords should be secure and updated often to prevent phishing and cracking attacks. Access log monitoring, intrusion detection systems and penetration tests should all cover these devices. The resulting insight provides invaluable information to refine risk management strategies and incident response plans.

Relevance

MFPs are key operations support devices due to the convenience and increased productivity they provide. Any damage to these devices can negatively impact business operations. Because these devices are multifunctional, attackers can gain access to MFPs in person or remotely through phone lines, the internet or other connected network computers. This can result in asset loss from theft, repair or replacement costs and compliance violation fines. Risk management can often focus on network and computer security, leaving MFPs as unsecured entry points to a network. This can render cybersecurity measures redundant. Because these outcomes can greatly impact enterprise operations, it is essential for MFPs to be included in incident response planning and risk management strategies.

References

[1] Bitdefender Enterprise. (2023, April 16). Overlooked endpoints: Why multifunction printer (MFP) security is essential. Business Insights. https://www.bitdefender.com/blog/businessinsights/overlooked-endpoints-why-multifunction-printer-mfp-security-is-essential/?srsltid=AfmBOoqPBoY17m-8dwZKW3IHyT3hNhbQrkmUEikDuqS58N6TJOu-_NsW%2F

[2] Cimpanu, C. (2018, August 13). Vulnerabilities in Fax Protocol Let Hackers Infiltrate Networks via Fax Machines. BleepingComputer. https://www.bleepingcomputer.com/news/security/vulnerabilities-in-fax-protocol-let-hackers-infiltrate-networks-via-fax-machines/

[3] Costantini, L. (2023, August 23). Understanding Printer Vulnerabilities: Common Attack Methods and How to Avoid Them. The Simply Smarter Blog. https://business.sharpusa.com/simply-smarter-blog/understanding-printer-vulnerabilities-common-attack-methods-and-how-to-avoid-them

[4] Papercut. (2023, August 23). Printing Over a Network? You Should be Using IPP Printing. Blog. https://www.papercut.com/blog/print_tips/printing-over-a-network-you-should-be-using-ipp-printing/

[5] Preusz, B. (2023, December 5). 10 Elements of Printer Security: A Comprehensive Guide for Business in 2024. Les Olson IT. https://lesolson.com/blog/10-elements-of-printer-security-comprehensive-guide-for-business/

[6] Tenable Security Response Team. (2024, September 26). CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities. Tenable Blog. https://www.tenable.com/blog/cve-2024-47076-cve-2024-47175-cve-2024-47176-cve-2024-47177-faq-cups-vulnerabilities