A new type of DDoS attack against internet connected printers in to limelight now. Printers, which are not routinely configured and use minimum security, are exposed to a new set of attacks dubbed Printjack.
Large number of printers are publicly exposed on the internet, making it easy for attackers to send malicious data remotely. Due to the lack of an authentication process to verify the sent data, printers may suffer other vulnerabilities that may turn out to be exploitable .
This lack of in-built security can lead to a series of new attacks that include recruiting the printers in DDoS swarms, imposing a paper DoS state, and performing privacy breaches.
The first type of Printjack attack, threat actors exploit a known RCE vulnerability (CVE-2014-3741) to turn printers into an army of botnets for launching DDoS attacks.
The second attack is a ‘paper DoS attack’ and can be achieved by sending repeated printing jobs until the victim runs out of paper. As a result, this can lead to service downtime.
The third type of attack is the most severe of all Printjack attacks as there’s the potential to carry out MitM attacks and eavesdrop on the printed material.
While there is no evidence of attacks by threat actors, telemetry shows that around 50,000 printers are exposed online in the top ten European countries alone.These printers can be accessed through TCP port 9100.
Highlighting the lack of security for printers, researchers state that printers ought to be secured to other network devices such as laptops. Printer vendors need to upgrade their devices’ security and data handling processes. Similarly, users and businesses must do their part by limiting privileged access.