Printer Vulnerability – How Using a Printer Can Attract Threats
Every home office or business uses printers in their daily work – if we are printing out an essay at home, or we are printing out a contract in the office. Usually, our printer is connected to other devices – PCs, laptops, and other electronics, creating a network of sharing and exchanging information constantly. If some malware gains access to one device, it can spread throughout all devices connected to the entire network.
There is a known vulnerability that has existed in the Windows printers for some time (since Windows 95), resolving which has been unsuccessful so far: when connecting to a printer, the user has to install the needed drivers to operate with it; most of the times malicious software gains access to the network through these drivers, which are often freely and randomly downloaded without security checks or at least none that can detect if the downloaded driver is infected.
This way an attacker could easily gain access and compromise a printer, which is a device that doesn’t have such high level security protection, and through it to gain access to the entire network and commit cyber-crimes. In some cases the attacker doesn’t even need to infect an actual printer; they can use a network-equipped device that can pretend it is a printer, i.e. a laptop. In other cases, the attacker can just wait for a legitimate driver request to a legitimate network printer, and respond with malware disguised as drivers.
What Is the Solution to the Printer Vulnerability?
Vectra Network, a security firm which investigated this problem alongside Microsoft, explained that the vulnerability comes from the way the users connect to the printers; in big modern organizations often are available different makes and models of printers and users have the option to choose to which printer to connect, which results in installing different drivers to be able to operate with the different devices. In most cases, companies use the Microsoft Web Point-and-Print (MS-WPRN) approach, which allows these users to connect to any printer on the network, without receiving any warning about the installed drivers, to get the procedure as fast and as convenient as possible.
A recent upgrade has found a kind of solution to the problem – not exactly fixing it, but executing checks and providing warnings to the user when downloading these drivers. The most recent patch cycle of Microsoft will now warn users if they are installing “untrusted” printer drivers, aiming to avoid this installation. This way, users will restrict the access of the attackers to their network. This will also prevent attacks which come not from a specific attacker, but from the Internet – compromised websites or ads can try to connect to the printers in the network, being the most vulnerable devices, and spread malware, if not noticed. These warnings will trigger a new way of dealing with malware threats to the printers, as well as to products like Edge, Internet Explorer and Adobe Flash.