- April 15, 2019
- Posted by: Jonathan Cox
- Category: Blog
Security Education – By Dylan “The Magician” Baklor
Consider the following scenario for a moment. You’ve looked forward to a movie during the workday, so you purchase a ticket and use an “email-to-print” feature to print it out. This common feature lets you send a document to an email address, and the printed document will be waiting for you when you return home. How would you feel if, on your return home, you found that all the paper in your printer tray had been printed on with offensive content or even threats of hacking? This is possible with the default settings of a popular brand of home printer. The error in this scenario is a philosophical one. Let me first explain the method briefly, then I will explain my thinking.
I imagined this scenario recently while configuring my own printer. When I set up my home office printer, a document printed out explaining that my printer had an email address to which I could forward documents for printing. The username (everything before the @) was randomized, but the domain (everything after the @) was a set web address. Open Source Intelligence (OSINT) is any data which can be obtained publicly. Using an OSINT gathering tool, in this case a sales lead tool that outputs email addresses on a specified domain, I ran a search for similar emails. I found 230 printers which were using the email-to-print feature and were vulnerable to the scenario outlined above.
This philosophical issue is one of choosing convenience as the priority over security. Yes, it would be very cool to send an email off to my printer at home and have those movie tickets ready for a night out. Indeed, I’ll admit to a few technical pranks as a kid, printing “I’m alive” or “Look out behind you” on school printers when I was tinkering with networking for the first time. In a great many cases, convenience is at the forefront during design phases, with a lesser focus on security issues. Security should be in every step of the development process!
Let me leave you with this thought. When you leave your home, don’t you lock your door? It would be more convenient if you didn’t have to fiddle with locks on your way back in, wouldn’t it? But you don’t want intruders walking into your home. The same mindset needs to apply to your digital footprint. Using the same analogy, if you have an issue with your locks, you can research the lock brand or hire a locksmith for professional assistance. GoldSky Security recommends you reach out to your printer manufacturer or consult a manual to determine if this email-to-print feature is a default setting on your printer. We recommend disabling it.
If this article got you thinking about some other aspects of the technology in your home or office, please reach out. We at GoldSky Security love to educate and empower!
-Dylan “The Magician” Baklor
About GoldSky Security
GoldSky Security offers cybersecurity solutions for small and medium-sized businesses across the US and currently has offices in Orlando, Florida and in Denver, Phoenix, Nashville, Colorado & Washington D.C.