Stop your printer being hacked
PRINTER Time required: 30 minutes
ANY DEVICE THAT CAN connect to the internet needs to be kept secure. This is as true for printers as it is for laptops, phones, and tablets. Printers are increasingly becoming fullyfeatured online devices that download their own updates automatically, report how much ink you’re using, and if you have signed up for a subscription or membership scheme, order new cartridges just before your current ones run out.
All of this makes life easier for you, but it also means you must add your printer to the list of devices you need to consider when assessing the security of your network. Fortunately, bigname printer manufacturers have a vested interest in keeping them safe. They don’t want to risk the reputational damage of being associated with a widespread security breach and they wouldn’t want to risk losing customers and the ink sales that go with them.
For the most part, then, as long as your printer is properly set up, it’s probably safe. But that doesn’t mean you should sit back and hand over responsibility for your network’s protection to its manufacturer. Here, we’ll guide you through the process of checking that your printer isn’t a security risk, and explain how to keep it that way. –NIK RAWLINSON
FIND YOUR PRINTER’S CONTROL PANEL
While you can typically perform basic configuration tasks using a printer’s screen, connected devices usually have a far more advanced and flexible online dashboard that you access through a browser. There are two ways to find it—one is to check the machine’s IP address using any onboard screen and buttons. We’re using an HP Envy 5030 Wi-Fi-connected printer as our example. The precise instructions you need to follow will depend on your model, but the principles will be the same.
» Wake the screen and, on the Envy 5030, tap the wireless icon, which is the third image on the bottom bar. On the next screen, take note of the four sets of digits beside IP, which in our case is 10.0.0.27 [ Image A]. If you don’t have an equivalent icon on your printer, open its settings screens and look for options relating to network, connection, or Wi-Fi.
» You can also look up your printer’s IP address through your router. Open the Windows menu and type CMD, then click Command Prompt. At the prompt, type ‘ipconfig’ and press Enter, then look for the four sets of digits beside Default Gateway. This is the address of your router on your network.
» In our case, it’s 10.0.0.1, but 192.168.1.1 and 192.168.1.254 are common alternatives. Type the address into your browser and, if prompted for a password, check the back of the router, where the administrator login details should be on a sticker. These are different from the password you use to connect devices to Wi-Fi.
» Click through the router configuration pages until you find a list of devices on your network. On our Netgear Nighthawk AX8 router, for example, we get to the list by clicking Attached Devices. Now search for your printer.
» Our Netgear router helpfully has icons beside each device, which make it easy to distinguish between printers, smart speakers, satellite units in mesh Wi-Fi systems, and so on. We can therefore confirm that our printer is indeed located at 10.0.0.27. Type the printer’s address into a browser to access its control panel.
ADD A PASSWORD TO YOUR ONLINE DASHBOARD At this point, we encounter our first potential vulnerability, but we only have ourselves to blame. Typing the IP address gives us direct access to the dashboard without having to enter a password. In theory, that shouldn’t be a problem as the firewall on our router should stop anyone from the outside world from getting as far as our printer. However, if there was a problem with the router, like a vulnerability or a missed update that exposed our network to hackers, our printer could be targeted.
» The first job, then, is to click Settings on the top bar, followed by Security, then Password Settings, in the sidebar. Type a complex password into the Password
box, repeat it in the Confirm Password box, then click Apply [ Image B]. The standard advice about not recycling a password you’ve used elsewhere applies here—as does using a mix of upper- and lower-case letters, numbers and punctuation, and not using single regular words. Don’t worry about forgetting the password: you can always write it on a label and stick it to the back of the printer where nobody will be able to find it unless they have physical access to the device.
3 CHECK YOUR PRINTER IS FULLY UPDATED
Printers run their own operating systems, which just like Windows, need to be updated regularly. Internet printers will do this automatically if they can connect to the manufacturer’s servers, but it’s worth checking, periodically, that there’s no problem.
» On our Envy printer, we clicked Tools on the top bar, followed by Printer Updates in the sidebar, then Firmware Updates. Then we clicked the Check Now button 2 and the printer looked for the latest firmware release. Follow similar instructions on your printer and it will tell you if any firmware updates are available.
» Don’t panic if your printer shows a connection error message, as ours did when we first visited the screen showing updates. This was caused by our broadband being temporarily offline, rather than a problem with the printer itself.
4 TURN OFF SERVICES YOU DON’T USE
One of the best things about connected printers is that they let you use remote printing services, such as Google Cloud Print and HP ePrint. Cloud Print was a service that let you send documents to supported printers from anywhere on the internet, while HP ePrint lets you email documents for printing on any HP printer.
» Although Google Cloud Print is enabled on our device, Google no longer supports the service, so we might as well switch it off. We did this on our Envy printer by clicking ‘Settings’ on the top bar, followed by Security in the sidebar, then Administrator Settings. We then unticked the box beside Google Cloud Print, which disabled the option to ‘Print with Google Cloud Print over Wireless Network’. Finally, we clicked Apply.
» If you’re using a connected HP printer and never use its ePrint service for emailing documents to the device, you can disable ePrint by clicking Web Services, followed by Summary, then clicking the Turn Off button beside HP ePrint.
» You might also consider turning off Wi-Fi Direct, which lets supported devices access the printer without going through the wireless network. We did this by clicking Network on the top bar, followed by Wi-Fi Direct in the sidebar, then Status [ Image C]. Then we clicked Edit Settings and selected Off in the dropdown menu beside Status. As before, clicking Apply completes the job.
» Whichever brand of printer you’re using, don’t disable any services related to your ink-subscription service, if you have one.
On the Envy 5030, for example, this is done by clicking Web Services, followed by Remove Web Services in the sidebar, then the Remove Web Services button. Doing this may prevent the device from reporting usage and ink levels to the manufacturer, so replacement cartridges might not arrive when you need them.
5 CHANGE YOUR NETWORK PASSWORD
When did you last change the password for your home network? We can understand why it might be a while (or never) as it’s not something you want to do on a whim. When you do, you’ll need to update the password on all your computers, smartphones, smart TVs, tablets, smart speakers—and printers.
» If it’s been six months or more, though, it’s a sensible move, as it limits the amount of time unauthorized users will have access to your network and each of the devices connected to it.
» Log into your router using the process outlined above, then click through the configuration pages until you find the security settings. On our Netgear router, we found them by clicking Wireless, then scrolling down to Security Options.
6 PREVENT NEW DEVICES FROM CONNECTING TO YOUR PRINTER
Now that you’ve updated your network and limited the number of ways devices can access your printer remotely, the only way anyone can use it should be via your wireless network—especially if you’ve disabled features such as Wi-Fi Direct. Preventing new devices from connecting to your network will therefore block any unexpected and unauthorized computers, tablets, or phones from accessing the printer via the router.
» Make sure all the devices you regularly use are switched on and online, including smart speakers, streaming TVs, and so on, even though they will never need to use the printer. Now use your browser to connect to your router’s control pages and look for an option to enable Access Control or a similarly named feature.
» On our Netgear router, this is done by clicking Attached Devices, followed by the Access Control link at the top of the page. Enable ‘Access Control’, then tick the ‘Turn on Access Control’ box [ Image D]. Now click the button beside ‘Block all new devices from connecting’, followed by Apply. Any devices that aren’t already connected to your wireless network will now be prevented from joining without your authorization.