More Printer Woes

We’ve written about printers before: some contain memory storage devices (hard drives and flash memory) that can be a security risk if not disposed of correctly when the device reaches end-of-life. Some of your critical files could be thrown out with the printer. This is the first time we’ve heard of a printer being used as a virus launch point.

However, it’s not surprising. Most MFPs have similar technology and circuitry to a small computer: processor, memory, storage device, network connection, and operating system. All of these are necessary ingredients in the virus-host recipe. Of prime concern is the operating system – the O/S. We normally see Windows or Apple O/S on our desktop computers and laptops; some even use a freeware system called Linux. MFPs use a purpose-built O/S that has very specific functions in mind – such as receiving a document and printing it, receiving a FAX and storing it, or scanning a document and emailing it. These systems are designed by software engineers when the MFP is created and they are very good at controlling the functions of the MFP. The device-specific O/S is called the firmware.

But the design engineers were given a very specific task – make the MFP functions work – and they pay little attention to vulnerabilities and possible virus attack entry points. When a hacker wants to attack an MFP, they reverse-engineer the firmware code to look for entry points. Then they build a virus specifically for that make and model of MFP. Once they distribute the virus over the Internet, it can infect any MFP of that specific make and model – potentially millions of them.

Viruses can enter the MFP in a variety of ways, depending on how the hacker designed it: printing an infected document, printing from an infected USB stick (if plugged into the MFP port), or receiving an infected (digitized) FAX from the Internet. As the MFP is connected to the network, it’s also possible the virus could proactively seek out the MFP if introduced through a desktop or laptop computer.

Then you have to consider that many modern MFPs are Internet enabled. That means they can connect to the Internet to help manage printer supplies, perform diagnostics, or help with troubleshooting problems. Some even allow remote print and FAX capabilities. Sometimes they connect to the manufacturer’s cloud server, sometimes to a third-party vendor, and sometimes to a remote computer. All of these connections increase the risk of a virus attack.

Oh, what to do …

  • Traditional anti-virus programs installed on desktops or laptops are ineffective in stopping this type of attack. The only way to close the hole is to have the MFP manufacturer re-design the firmware and issue a firmware update. Firmware updates are periodically released for most devices, especially from larger, more reputable manufacturers. Installing firmware updates is not a trivial process and usually requires the services of a technician to ensure it’s done correctly. If not, it could render the MFP inoperable.
  • Firewalls with up-to-date (cloud-based) counter-measures can help prevent the virus from calling home. While the virus may reside on the MFP, it stays dormant because it can’t establish a connection to the virus server over the Internet.
  • It might also be possible to segregate the MFP on its own subnet of the network, which would limit damage if a virus were to spread; it can’t get to your critical files stored on the server. Segregating the MFP like this requires careful planning and management, which is probably beyond the scope of most small networks.
  • Limit connections to the Internet from MFPs.  This can usually be done through the configuration utility or the front panel.
  • And backups. As with all potential virus attacks, having good, reliable, tested backups is critical to ensuring you have a method of recovering from a virus attack.
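
One way to check that the firewall and subnet measures above are actually holding, as an added example that is not part of the original post: a short Python audit over firewall connection logs that flags MFP traffic reaching the file servers or any Internet host outside an approved list. The subnets, the approved vendor address and the log format are assumptions made up for illustration.

```python
import ipaddress

# Hypothetical addressing, assumed for this example (not from the post).
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")   # the whole office network
MFP_NET = ipaddress.ip_network("10.20.30.0/28")       # subnet holding only the MFPs
SERVER_NET = ipaddress.ip_network("10.20.10.0/24")    # file servers with critical data
ALLOWED_EGRESS = {ipaddress.ip_address("203.0.113.10")}  # approved vendor endpoint

# Constructed sample log, format assumed: "timestamp src dst dport action"
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.20.30.5 203.0.113.10 443 ALLOW
2024-01-01T09:02:14 10.20.30.5 198.51.100.77 8080 ALLOW
2024-01-01T09:03:40 10.20.30.6 10.20.10.15 445 ALLOW
2024-01-01T09:04:02 10.20.10.40 10.20.30.5 9100 ALLOW
2024-01-01T09:05:55 10.20.30.6 198.51.100.77 8080 DENY
"""

def audit(log_text):
    """Return (ts, src, dst, dport, kind, action) for suspicious MFP-initiated traffic."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash mid-audit
        ts, src, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if src_ip not in MFP_NET:
            continue  # only connections the MFP itself opened are of interest
        if dst_ip in SERVER_NET:
            kind = "mfp-to-server"        # segregation should stop this
        elif dst_ip not in INTERNAL_NET and dst_ip not in ALLOWED_EGRESS:
            kind = "unapproved-internet"  # possible call-home attempt
        else:
            continue
        findings.append((ts, src, dst, port, kind, action))
    return findings

def gaps(findings):
    """Findings the firewall let through: these are rules that need tightening."""
    return [f for f in findings if f[5] == "ALLOW"]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(*f)
```

A DENY finding means the firewall did its job but the MFP still deserves a look; an ALLOW finding means a rule is missing.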

If you would like more information on protecting your network from viruses – especially those that might infect MFPs – please contact your primary technician.

