cancel
Showing results for 
Search instead for 
Did you mean: 

Secure your printers!!!

Community Veteran
Posts: 5,238
Thanks: 1,130
Fixes: 3
Registered: 06-11-2014

Secure your printers!!!

Not a tech article or news piece, just general advice...

 

Last night I was looking up info on the web interface on my HP CP2025dn printer, and using terms I'd seen in its web interface I googled them to try and translate them into human english, only, what I discovered were page results that were other people's printers!!! With fully open web interfaces!!! So you could happily change settings, apply passwords, and even send print jobs to them!!! Shocked

 

I was utterly astounded to find printers that were just not secured, and just as a quick test, I sent a .txt file to one (with a polite message telling them their printer was open to the web and they should consult a networking professional to lock everything down properly), and it worked... Crazy2

 

So, if you have a networked printer that has a built-in web server to access its settings, set a username and password, just so you don't end up with people doing random (and potentially malicious) junk from around the world via a simple google search!!! Crazy

6 REPLIES
Browni
Aspiring Hero
Posts: 2,178
Thanks: 746
Fixes: 45
Registered: 02-03-2016

Re: Secure your printers!!!

Unsecured webcams are more fun Cheesy

I must have been really bad in a previous life as this was my 3rd ISP in a row that used lithium.
Now you're stuck with me because my new ISP doesn't run a forum Cheesy
Community Veteran
Posts: 5,238
Thanks: 1,130
Fixes: 3
Registered: 06-11-2014

Re: Secure your printers!!!

Thankfully I wasn't looking for webcam settings, I don't even own one... Grin

Community Veteran
Posts: 5,472
Thanks: 292
Fixes: 4
Registered: 11-08-2007

Re: Secure your printers!!!

This is yet another example of why you should NEVER enable UPnP on your router !  Crazy

Community Veteran
Posts: 14,345
Thanks: 685
Fixes: 10
Registered: 01-08-2007

Re: Secure your printers!!!

You think printers are bad... back in 2010 I discovered a google search query that brings back results for phpmyadmin that is installed on websites - with no login credentials needed. One website was for an alloy wheel shop up north - it's entire database was sat there completely open to the public. I gave them a phone call to tip them off and the woman wasn't even bothered and asked why it was important - I said to her "well if I change the delivery address on a set of £2k alloy wheels that someone has just ordered, you send it there and then I change the address back, where are you going to look for the wheels that just cost you £2k?"

The realisation and shock was enough to change her tone of voice instantly and suddenly she wanted to know how to get it fixed. Not much I could say to that other than "call your web developers, have them remove it and then use someone else who has a clue about security".

phpmyadmin was gone within the hour. That search term still works though and brings up fresh results every week / month depending on which idiots have uploaded a copy to their sites.

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 5,238
Thanks: 1,130
Fixes: 3
Registered: 06-11-2014

Re: Secure your printers!!!

Ah the phpmyadmin, been a while since I last thought about that one, and there's the installation folders for forum software where anyone can access the critical behind-the-scenes stuff where inexperienced people have left it in place and in its default folder structure form... Grin

 

But still, the printer thing can be problematic, after all, that printer I sent a .txt file to, there were a lot of instances of other people sending print jobs to it, so goodness knows what they were printing, could have been anything from unpleasant messages, to strong pornography... Shocked

 

Of course, the best printer security is just to switch it off when not needed, like mine is right now, can't access what isn't powered up... Cool smiley

carllilley
Hooked
Posts: 6
Thanks: 4
Registered: 02-09-2016

Re: Secure your printers!!!

If people are worried, they can go here

Run the upnp scanner, as well as the open port scanner to check for issues.

 

Carl.