What are the risks related to Airprint security?
I know printers are a security hole. I am trying to get the best setup to minimise risk. Here's the risk that I am trying to mitigate : that an attacker remotely accesses the printer, and uses it as a launchpad to infect other computers.
So I decided to do this:
do not set up access to wifi to the printer. Since I assume settings could be changed, I will not simply disable wifi, I will purchase a printer that does not have wifi capacity
Among all the printers that work for my needs, they all have ethernet capability. I am planning not to plug the ethernet capable, so I should be fine
However, all the printers I saw still had mobile printing capabilities (like airprint). This is most unfortunate, because even though they claim to NOT be wireless, they clearly are (airprint for example requires the printer to generate a local wireless network).
So I am trying to decide whether that's a security risk I can completely mitigate : if I purchase a printer with mobile printing capabilities, and I assume an attacker somehow reverts my settings to disable this capability, what is the worst that can happen ? Via mobile printing, could they update the firmware of the printer ? Could they use it as a launchpad to infect other computers ? Or do mobile printing protocols strictly only allow sending a document for printing, and it cannot be misused?
Regarding the airprint security, if you want to use your printer, you cannot mitigate all risks. Even if it is at this moment not possible to hack your specific printer, that does not mean that it won't be possible in the (even near) future. So you need permanent subscription to security/vulnerabilities reports.
What is the worst that can happen? According to Columbia PhD student Ang Cui and Professor Salvatore Stolfo (look them up with google), HP printers can set your house on fire. Or print illegal material (and report you to the cops). Oh, and maybe as a stepping stone. I am often puzzled by the security needs of people that buy simple SOHO printers. They go far beyond the requirements that medical institutions, banks or even intelligence agencies have for their printers. I hope that someone will explain these extravagant security requirements.
If your security needs are so elaborate, you must look into specialised printing devices (with their price tag) or put them in a Faraday cage (Mu copper, soldered with a centimetre overlap). If you think that is too expensive, then you probably don't want to mitigate all the risks. At the time of this writing, there do not seem to be any known hacks to mobile printing, other than those that allow printing (of possible "alternative" content).