When businesses think about cybersecurity, they typically focus on computers, servers, and cloud systems. Firewalls get configured, antivirus software gets installed, and staff receive training on phishing emails.
But there’s a category of devices that often gets completely overlooked: printers, scanners, and multifunction devices. These humble office workhorses are connected to your network, process sensitive documents daily, and are frequently left running outdated firmware with default passwords. For cyber criminals they represent an open door.
More Than Just Paper Pushers
Modern office printers are sophisticated networked devices. They have their own operating systems, storage drives, and processing capabilities. They connect to your network, communicate with cloud services, and often have remote management features enabled by default.
In other words, they’re computers – just ones that happen to print things. And like any computer on your network, they can be compromised.
The difference is that while your workstations and servers receive regular security updates and monitoring, printers often sit forgotten in the corner, running the same firmware they shipped with years ago.
The Real Risks
The security vulnerabilities associated with printers and scanners are more serious than many business owners realise.
Network access: A compromised printer can serve as a launching point for attacks on other devices in your network. Once an attacker gains a foothold, they can move laterally to access servers, workstations, and sensitive data.
Data theft: Printers process and often store copies of everything that passes through them – contracts, financial reports, employee records, customer information. Many devices retain this data in memory or on internal storage drives, creating a potential treasure trove for attackers.
Document interception: Attackers who compromise a networked printer can potentially intercept print jobs, gaining access to confidential documents without anyone realising.
Credential harvesting: Printers are often configured to connect to email servers, cloud storage, and directory services. Compromising the device can expose these credentials, enabling further attacks.
Botnet recruitment: Like any networked device with processing power, printers can be recruited into botnets – networks of compromised devices used for distributed attacks or cryptocurrency mining.
Common Vulnerabilities
Several factors make printers particularly vulnerable to attack.
Default credentials: Many printers ship with default administrator passwords that are never changed. These defaults are publicly documented and easily discovered by attackers.
Outdated firmware: Printer firmware updates are rarely prioritised, leaving known vulnerabilities unpatched for years. Manufacturers regularly release security updates, but they’re often never applied.
Open protocols: Older printers may support insecure protocols or have unnecessary services enabled, expanding the attack surface.
Physical access: Printers are often located in shared spaces where anyone can access their control panels, USB ports, or stored documents left in output trays.
Lack of monitoring: While suspicious activity on workstations might trigger alerts, unusual behaviour from a printer typically goes completely unnoticed.
High-Profile Incidents
This isn’t theoretical risk. Printer vulnerabilities have been exploited in numerous documented attacks.
In 2018, a hacker demonstrated the scale of the problem by exploiting vulnerable printers worldwide to print messages promoting a YouTube channel. While that particular incident was relatively harmless, it highlighted just how many unsecured devices were exposed to the internet.
More seriously, printer vulnerabilities have been used in targeted attacks against businesses, with compromised devices serving as persistent backdoors into corporate networks.
Research has repeatedly demonstrated that even major printer manufacturers’ devices contain serious security flaws – from remote code execution vulnerabilities to authentication bypasses.
Securing Your Print Environment
The good news is that securing your printers doesn’t require dramatic investment – just attention and good practice.
Change default passwords: This should be the very first step. Every printer with administrative access should have a strong, unique password.
Update firmware regularly: Establish a schedule for checking and applying printer firmware updates, just as you would for other network devices.
Segment your network: Where possible, place printers on a separate network segment with controlled access. This limits the potential damage if a device is compromised.
Disable unnecessary features: If remote management, cloud connectivity, or legacy protocols aren’t needed, disable them. Every enabled feature is a potential attack vector.
Enable encryption: Many modern printers support encrypted connections for print jobs and administrative access. Enable these features where available.
Secure physical access: Position printers in areas where sensitive documents won’t be left unattended in output trays, and consider devices with secure print release features.
Include printers in your security monitoring: Ensure your IT team or provider includes print devices in regular security assessments and monitoring activities.
Don’t Let Printers Be Your Blind Spot
Printers might not be glamorous, but they’re an integral part of your network – and your security posture. Treating them as “just printers” rather than the networked computers they’ve become leaves a significant gap in your defences.
A few simple steps can dramatically reduce your exposure. The question is whether you’ll address the risk before an attacker exploits it.
Unsure about the security of your networked devices? Provident IT Solutions offers comprehensive security assessments that examine your entire IT environment – including the devices that often get overlooked. Get in touch to arrange a review of your business’s security posture.
