Has your Printer been hacked?

It all sounded rather harmless at first. A little online ratings battle by a couple of YouTube channels in search of more subscriptions. But in December 2018 things started to get weird for a whole host of companies around the world, including The Wall St Journal, The BBC and the NHS.

For the second time this year, thousands of printers had been hacked in order to print messages in support of YouTube’s most popular vlogger, PewDiePie. A hacker on Twitter has claimed responsibility for the printouts, stating that the stunt is apparently their way of raising awareness of printer security. One hacker claimed that more than 100,000 printers worldwide have been forced to waste ink on spreading the word, although there’s also a message about security in the mix too.

Hackers commandeered around 50,000 printers in November and caused the devices to spit out papers with requests for the message’s recipients to subscribe to PewDiePie’s YouTube channel. According to the BBC, a second round of attacks has happened with the message changing slightly this time but being printed out on over 100,000 devices.

While the people who took control of the printers certainly did hack them, they told the BBC that part of the goal behind the attack on printers was to raise awareness of how serious hacking is.

Interconnectivity: Good vs Bad

For years, office equipment has embraced the wonders of new technology from laptops to Wi-Fi access, smartphone tools and remote printing and scanning. Interconnectivity between devices is now the norm. It has been widely recognised that discarded PCs can be a potential security risk  because their hard disks may retain information that an IT thief can access. What is less known is that similar risks may apply in the case of scanners, photocopiers and some printers.

Hacking: Harmless fun or malicious intent

Many photocopiers take an electronic copy of the document they are scanning or copying. Like computers, printers have a volatile memory (like computer RAM), which is lost when you turn off the device and a non-volatile memory which retains the image on an internal hard drive (same as a computer). If that hard drive is not secure – or the Wi-Fi network that machine sits on does not secure the photocopier  or printer – it could be a backdoor for hackers to access into the machine and download all the data on that drive.

If that device is hacked the results are at first predictable.

  • Hackers clog up your printer with junk printing
  • Companies can waste reams of paper
  • Urgent documents are stuck in a printing queue
  • Printers using valuable electricity on wasteful printouts

… and then have more important ramifications

  • Your organisation may suffer public and humiliating negative publicity through lost or stolen data. The reputational damage arising may prove to be difficult to rectify
  • If the data breach concerned results in the disclosure of highly confidential information you may be sued for damages
  • You may have breached the new GDPR guidelines

Some advice from Direct-Tec

  • Get your IT professional to ensure that all electronic storage areas of your old copiers and scanners are professionally deleted prior to disposal.
  • Physically destroy any such storage components in advance of disposal – but be aware of the fact that unless you’re an expert, you may find it difficult to identify which components are the ones putting you at risk.
  • All printer firmware needs to be up-to-date and security patches installed. Old models without security updates should be taken offline
  • Dispose of your old technology only through an accredited and security-vetted disposal company who will offer you the appropriate legal guarantees relating to the security of any historic information

These are a few very basic steps, but they may help you to avoid data breach headaches. If you’d like to find out more about this important subject, please contact us here at Direct- Tec.