cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secure your printers!!!

twocvbloke
Seasoned Hero
Posts: 6,399
Thanks: 1,782
Fixes: 3
Registered: ‎06-11-2014

Secure your printers!!!

‎05-10-2016 4:20 PM - edited ‎05-10-2016 4:21 PM

Not a tech article or news piece, just general advice...

 

Last night I was looking up info on the web interface on my HP CP2025dn printer, and using terms I'd seen in its web interface I googled them to try and translate them into human english, only, what I discovered were page results that were other people's printers!!! With fully open web interfaces!!! So you could happily change settings, apply passwords, and even send print jobs to them!!! Shocked

 

I was utterly astounded to find printers that were just not secured, and just as a quick test, I sent a .txt file to one (with a polite message telling them their printer was open to the web and they should consult a networking professional to lock everything down properly), and it worked... Crazy2

 

So, if you have a networked printer that has a built-in web server to access its settings, set a username and password, just so you don't end up with people doing random (and potentially malicious) junk from around the world via a simple google search!!! Crazy

Message 1 of 7
(871 Views)
Reply
0 Thanks
6 REPLIES 6
Browni
Aspiring Hero
Posts: 2,673
Thanks: 1,054
Fixes: 60
Registered: ‎02-03-2016

Re: Secure your printers!!!

‎05-10-2016 4:22 PM

Unsecured webcams are more fun Cheesy

Live router stats
Message 2 of 7
(868 Views)
Reply
twocvbloke
Seasoned Hero
Posts: 6,399
Thanks: 1,782
Fixes: 3
Registered: ‎06-11-2014

Re: Secure your printers!!!

‎05-10-2016 4:29 PM

Thankfully I wasn't looking for webcam settings, I don't even own one... Grin

Message 3 of 7
(859 Views)
Reply
0 Thanks
Anonymous
Not applicable

Re: Secure your printers!!!

‎05-10-2016 11:00 PM

This is yet another example of why you should NEVER enable UPnP on your router !  Crazy

Message 4 of 7
(821 Views)
Reply
0 Thanks
7up
Community Veteran
Posts: 15,808
Thanks: 1,558
Fixes: 17
Registered: ‎01-08-2007

Re: Secure your printers!!!

‎05-10-2016 11:15 PM

You think printers are bad... back in 2010 I discovered a google search query that brings back results for phpmyadmin that is installed on websites - with no login credentials needed. One website was for an alloy wheel shop up north - it's entire database was sat there completely open to the public. I gave them a phone call to tip them off and the woman wasn't even bothered and asked why it was important - I said to her "well if I change the delivery address on a set of £2k alloy wheels that someone has just ordered, you send it there and then I change the address back, where are you going to look for the wheels that just cost you £2k?"

The realisation and shock was enough to change her tone of voice instantly and suddenly she wanted to know how to get it fixed. Not much I could say to that other than "call your web developers, have them remove it and then use someone else who has a clue about security".

phpmyadmin was gone within the hour. That search term still works though and brings up fresh results every week / month depending on which idiots have uploaded a copy to their sites.

I need a new signature... i'm bored of the old one!
Message 5 of 7
(814 Views)
Reply
0 Thanks
twocvbloke
Seasoned Hero
Posts: 6,399
Thanks: 1,782
Fixes: 3
Registered: ‎06-11-2014

Re: Secure your printers!!!

‎06-10-2016 10:58 AM

Ah the phpmyadmin, been a while since I last thought about that one, and there's the installation folders for forum software where anyone can access the critical behind-the-scenes stuff where inexperienced people have left it in place and in its default folder structure form... Grin

 

But still, the printer thing can be problematic, after all, that printer I sent a .txt file to, there were a lot of instances of other people sending print jobs to it, so goodness knows what they were printing, could have been anything from unpleasant messages, to strong pornography... Shocked

 

Of course, the best printer security is just to switch it off when not needed, like mine is right now, can't access what isn't powered up... Cool_smiley

Message 6 of 7
(786 Views)
Reply
0 Thanks
carllilley
Dabbler
Posts: 10
Thanks: 7
Registered: ‎02-09-2016

Re: Secure your printers!!!

‎07-10-2016 5:33 PM

If people are worried, they can go here

Run the upnp scanner, as well as the open port scanner to check for issues.

 

Carl.

 

Message 7 of 7
(760 Views)
Reply
0 Thanks