A group of Italian cybersecurity researchers has put together a set of three attacks known as ‘Printjack,’ alerting people of the serious risks of trusting their printer too much.
According to experts, modern printers are still exposed to rudimentary weaknesses and fail to keep up with other IoT and digital devices that began complying with cybersecurity and data confidentiality regulations.
Following an evaluation of the attack, the experts discovered non-compliance with GDPR requirements and the ISO/IEC 27005:2018 (framework for managing cyber-risks).
This absence of built-in protection is especially concerning given the widespread use of printers in critical environments, businesses, and companies of all sorts.
In ‘You Overtrust Your Printer’, a paper written by Giampaolo Bella and Pietro Biondi is explained how the search engine Shodan was used to search for devices with a publicly accessible TCP port 9100, usually used for raw TCP/IP printing jobs. The devices were located in European countries.
Following the scan, tens of thousands of IPs reacted to the port inquiry, with the most vulnerable devices being in Germany, Russia, France, the Netherlands,