What are the risks related to Airprint security?

1.5K    Asked by Amitraj in Cyber Security , Asked on Mar 21, 2022

 I know printers are a security hole. I am trying to get the best setup to minimise risk. Here's the risk that I am trying to mitigate : that an attacker remotely accesses the printer, and uses it as a launchpad to infect other computers.

So I decided to do this:


do not set up access to wifi to the printer. Since I assume settings could be changed, I will not simply disable wifi, I will purchase a printer that does not have wifi capacity


Among all the printers that work for my needs, they all have ethernet capability. I am planning not to plug the ethernet capable, so I should be fine


However, all the printers I saw still had mobile printing capabilities (like airprint). This is most unfortunate, because even though they claim to NOT be wireless, they clearly are (airprint for example requires the printer to generate a local wireless network).


So I am trying to decide whether that's a security risk I can completely mitigate : if I purchase a printer with mobile printing capabilities, and I assume an attacker somehow reverts my settings to disable this capability, what is the worst that can happen ? Via mobile printing, could they update the firmware of the printer ? Could they use it as a launchpad to infect other computers ? Or do mobile printing protocols strictly only allow sending a document for printing, and it cannot be misused?

Answered by ankur Dwivedi

Regarding the airprint security, if you want to use your printer, you cannot mitigate all risks. Even if it is at this moment not possible to hack your specific printer, that does not mean that it won't be possible in the (even near) future. So you need permanent subscription to security/vulnerabilities reports.


What is the worst that can happen? According to Columbia PhD student Ang Cui and Professor Salvatore Stolfo (look them up with google), HP printers can set your house on fire. Or print illegal material (and report you to the cops). Oh, and maybe as a stepping stone. I am often puzzled by the security needs of people that buy simple SOHO printers. They go far beyond the requirements that medical institutions, banks or even intelligence agencies have for their printers. I hope that someone will explain these extravagant security requirements.

If your security needs are so elaborate, you must look into specialised printing devices (with their price tag) or put them in a Faraday cage (Mu copper, soldered with a centimetre overlap). If you think that is too expensive, then you probably don't want to mitigate all the risks. At the time of this writing, there do not seem to be any known hacks to mobile printing, other than those that allow printing (of possible "alternative" content).



Your Answer

Answer (1)

Ranjana

AirPrint security risks include unauthorized access to sensitive documents, network vulnerabilities, data interception during transmission, and the use of default or weak security settings. Proper network security measures and encryption are essential to mitigate these risks.

For further details, you can read more here.

3 Months

Online Course

Tutorials

Salesforce Tutorial

Software Testing Tutorial

SQL Tutorial

Business Analyst Tutorial

Devops Tutorial

Data Science Tutorial

AWS Tutorial

Hadoop Tutorial

SSRS Tutorial

AWS S3 Tutorial

Functional Testing Tutorial

SSAS Tutorial

Automation Testing Tutorial

Manual Testing Tutorial

Selenium Tutorial

Kubernetes Tutorial

Scala Tutorial

ETL Testing Tutorial

Python Tutorial

Pyspark Tutorial

R Tutorial

Unit Testing Tutorial

API Testing Tutorial

Puppet Tutorial

Integration Testing Tutorial

Chef Tutorial

Jenkins Tutorial

Ansible Tutorial

Vagrant Tutorial

Docker Tutorial

Interviews

Parent Categories

Copyright | JanBaskTraining.com