Hacking Network Printers
Hack a printer you say, what kind of toner have you been smoking, Irongeek? Well, I’m here to tell you, there’s more that can be done with a printer to compromise network security than one might realize. In the olden days a printer may not have been much of a concern other than the threat from folks dumpster diving for hard copies of the documents that were printed from it, but many modern printers come network aware with embedded Operating Systems, storage and full IP stacks. This article will attempt to point out some of the more interesting things that can be done with a network based printer to make it reveal information about its users, owners and the network it’s part of.
Some of this article may seem a little Black-hat as it concentrates more on the breaking-in than the keeping-out. However I feel this information will be useful to system administrators and auditors so that they know what sorts of things to look out for when it comes to network printers. If you want more advice on how to lock down your network printer visit your vendors web site. A guide from HP is linked at the bottom of this article for your convenience. If nothing else, this article may get you thinking in the right direction.
For my tests I will mostly be using a Hewlett-Packard LaserJet 4100 MFP (Fax/Printer/Copier/Scanner), an HP JetDirect 170x and a HP JetDirect 300X (J3263A) but I will also touch a bit on the Ricoh Savin series of printers lest you think HPs are the only network printers with security problems.
Much of this article will read like a huge brain dump, sort of disorganized and hazy like my mind. It all started as a project for Droop’s Infonomicon TV and it snowballed from there with no specific direction. Bear with me as I clean it up and other folks send me new additions and suggestions to make this article more useful.
The most recent version of this article can be found at: http://www.irongeek.com/i.php?page=security