Danger of Insecure Industrial Printers: Is It Your Weakest Link?
When thinking about your manufacturing floor or OT environment, what would you consider to be a significant potential security risk? Some might point to employees who may be tricked into clicking on a malicious email attachment or website link. Others may naturally point to a network hub that is coordinating the communication between critical machinery. Few are likely to think of the unassuming lone printer that is silently humming in the corner.
Unfortunately, once again, appearances are deceiving. Far from innocent, your smart industrial or 3D printer, whether connected to the internet directly or indirectly through the network, provides a wealth of opportunity for a hacker looking to cause some serious damage. From bringing operations to a halt to obtaining sensitive information, we take a look at some of the potential damage that can be caused if your industrial printer is successfully hijacked.
Steal Sensitive Data
Think about all the data that is sent to your printer, whether that be commercially sensitive IP or product design configurations for a 3D model. Printers hold a bevy of information and many times that information can be highly sensitive. This data in the wrong hands could not only represent a threat to your organizational operations, but any compromised data could put you in breach of privacy regulations.
An example of this occurred when researchers found a remote code execution vulnerability in some of HP’s enterprise printers. The vulnerabilities were discovered using PRET, a printer exploitation toolkit that allowed them to access the content of any print job. The potential exploitation was so effective it could bypass PIN-protected printing tasks, reset devices to factory settings and remove admin passwords.
Having gained access to an industrial printer, a hacker may decide to cause havoc by significantly impairing device performance and functionality, or cause it to shut down altogether. One method of achieving this is a distributed denial of service (DDoS) attack. This is where a hacker sends a huge amount of communication to an IoT device all at once, overloading it and making it unavailable.
In 2018, printing presses used by major US newspapers, including the Los Angeles Times, Chicago Tribune, Wall Street Journal, and New York Times, were hit by a cyber attack that caused major disruptions and delays. The malware attack, which targeted a printing production platform in Los Angeles, effectively brought down production, which led to distribution delays in the Saturday editions of those newspaper outlets.
Industrial printers, more so than home or enterprise printers, represent an added risk due to the nature of the material that they print. While an enterprise printer could be hacked to print out thousands of copies of offensive leaflets, an industrial printer that is used to print stickers for medication packaging or labels to be placed inside airplane cockpits represents a whole other level of risk. If undetected, the misprint could result in potentially life-threatening outcomes.
An attack pathway can be designed to get remote control over a printing press and provide the hacker with the means to sabotage printing jobs, whether that be to cause the printer not to work properly or to alter its programmed functionality. For example, a hacker may change the chemical elements of a 3D printing part to make it less durable and resistant to extreme conditions. If the part is then embedded into operational machinery, the machinery could malfunction, potentially causing harm to the user or anyone nearby.
Easy to Exploit
There are numerous instances where hackers are known to target printers because they are often not designed or configured with security in mind. Across the cybersecurity ecosystem of a production plant, and compared to other points in the network, such as the cloud or desktops, printers typically have minimal protection and therefore represent sitting ducks.
Security researchers at the SANS Internet Storm Center discovered that thousands of 3D printers are exposed online without proper defense. Worryingly, the researchers found more than 3,700 instances where 3D printing interfaces were exposed online and susceptible to remote cyber attacks. An unauthorized party can get control over print jobs through the interface, and use it to carry out malicious activities, including cyber espionage and sabotage.
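One way to check your own environment for the kind of exposure described above, as an added example that is not part of the original article or any vendor's product: it audits firewall allow rules against a printer inventory and flags rules that let sources outside a management subnet reach printer service ports. The printer names, addresses, rule format and management subnet are constructed assumptions.

```python
import ipaddress

# Well-known printer service ports.
PRINTER_PORTS = {
    80: "web interface (HTTP)",
    443: "web interface (HTTPS)",
    515: "LPD",
    631: "IPP",
    9100: "raw printing",
}

# Constructed sample data: hypothetical printers and firewall allow rules.
PRINTERS = {"label-printer-01": "10.20.5.10", "3d-printer-02": "10.20.5.11"}
MGMT_NETS = ["10.20.9.0/24"]  # assumed: the only subnet meant to reach printers
ALLOW_RULES = [
    {"id": 1, "src": "10.20.9.0/24", "dst": "10.20.5.0/24", "port": 9100},
    {"id": 2, "src": "0.0.0.0/0", "dst": "10.20.5.11/32", "port": 80},
    {"id": 3, "src": "10.20.0.0/16", "dst": "10.20.5.10/32", "port": 631},
    {"id": 4, "src": "0.0.0.0/0", "dst": "10.20.7.0/24", "port": 443},
]


def audit_printer_exposure(printers, rules, mgmt_nets):
    """Return (rule id, printer, port, scope) for every allow rule that opens
    a printer service port to a source outside the management networks."""
    mgmt = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for rule in rules:
        if rule["port"] not in PRINTER_PORTS:
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        # A source is acceptable only if it lies wholly inside a mgmt network.
        if any(src.subnet_of(m) for m in mgmt):
            continue
        for name, addr in printers.items():
            if ipaddress.ip_address(addr) in dst:
                scope = "internet" if src.prefixlen == 0 else "internal"
                findings.append((rule["id"], name, rule["port"], scope))
    return findings


if __name__ == "__main__":
    for rule_id, name, port, scope in audit_printer_exposure(
            PRINTERS, ALLOW_RULES, MGMT_NETS):
        print(f"rule {rule_id}: {name} {PRINTER_PORTS[port]} open to {scope}")
```

Rule 3 is flagged even though its source is internal, because a broad internal range is wider than the management subnet and still leaves the printer reachable from any compromised workstation.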
Although the risks are high, the industry standard for protecting industrial printers is well below that for protecting computers and other endpoints. If there is any protection at all, it may be through a network monitoring solution that is designed to monitor the traffic flowing into the network.
While network monitoring solutions are an important part of the cyber stack, you can’t rely on them exclusively. They’re designed only to detect cyber threats and vulnerabilities and report on them; there is no automatic remediation to stop threats in their tracks. This is like installing a guard outside of a property who only reports on the appearance of an intruder and allows them to continue walking straight in.
To effectively protect connected industrial or 3D printers, a full endpoint detection and response agent is needed, guarding the device itself. A security agent, like that provided by Firedome, responds automatically to a threat, rather than requiring any human intervention for remediation.
If you take away anything from this article, it’s critical that you check the level of security of your printer, and enquire with your provider if there is any embedded security agent. The worst thing you can do is nothing, and hope that any hacker targeting your sitting duck has bad aim.