Who's Down with IPP?: Finding Internet-Connected Printers with Censys
In the Internet of Things (IoT) arena, printers might seem like the least of our problems. We’ve got new consumer devices connecting to the internet every day—refrigerators (why? just… why?), home security systems, washing machines (spoiler alert, your clothes are now clean and, no, you don’t need an app for that). Arguably more worrisome are the IoT devices and servers that the public and private sector rely on to run their organizations. These devices contain sensitive data, unlike many home IoT servers, which can be used for denial-of-service (DoS) attacks.
Why does it matter?
Printers seem like the least interesting devices in the IoT realm, but every one of them that’s connected to the internet can present an open doorway into your networks. It’s easy to forget that these printers are really computers in their own right and if not properly secured they can introduce a security risk.
The biggest issue is that IT and security teams often have no visibility into what printers are connected to their networks and they can’t batten down the doors when they don’t know about them. That’s where internet-scanning comes in.
Finding printers with Censys
This week, we added Internet Printing Protocol (IPP) scan data to Censys. This allows anyone to get a quick read of how many printers are connected to the Internet and locate any printers their organization may have inadvertently exposed to the public.
Back in 2013, there were more than 86,000 publicly available HP printers indexed by Google. So how many printers (not just HP) are connected to the Internet in 2018, you ask? A lot. A helluva lot. We found over 460,000 in our most recent scan of the entire IPv4 space, and over 49,000 of those printers are located in the United States. Search Censys for every host with IPP running on port 631.
To see if your organization has any printers exposed, add a CIDR block or range of IP addresses to your Censys search:
protocols: "631/ipp" AND 188.8.131.52/16
protocols: "631/ipp" AND ip:[184.108.40.206 TO 220.127.116.11]
What to do if you find Internet-connected printers in your corporate infrastructure
If you find some printers within your network that you were previously unaware of, we suggest that you track down the user who added the printer and determine if they’re actually using it. If they are, have a quick chat with them about how you’ll secure their printer and ensure that they can still use it for their needs. UC Berkeley offers a best practices guide for network printers that’s worth sharing internally if you’ve found a large number of unsecured printers on your networks.
Any printers that aren’t in use should be taken offline, since they’re doing you no good and they pose an unnecessary risk to your organization.
Send us a tweet with your IPP findings. We’d love to hear from you.