Who’s Down with IPP? Finding Internet-Connected Printers with Censys
In the Internet of Things (IoT) arena, printers might seem like the least of our problems. We’ve got new smart home devices connecting to the Internet every day—refrigerators, home security systems, washing machines (spoiler alert, your clothes are now clean and, no, you probably don’t need an app to know that). Arguably more worrisome are the IoT devices and servers that the public and private sector rely on to run their organizations. Unlike many home IoT servers, which can be used for denial-of-service (DoS) attacks, these devices contain sensitive data.
Why does it matter?
Printers may seem like the least interesting devices in the IoT realm, but every device that’s connected to the Internet can present an open doorway into your networks. It’s easy to forget that these printers are computers in their own right. If not properly secured, they can introduce a security risk.
The biggest issue is that IT and security teams often have no visibility into what printers are connected to their networks. They can’t batten down the hatches when they don’t know about potential vulnerabilities. That’s where Internet scanning data comes in.
Finding printers with Censys data
Internet Printing Protocol (IPP) is a common protocol used for communication between printers and computers. Censys can detect IPP on any port, even if it’s not the standard IPP port 631. This allows anyone to get a quick read of how many printers are connected to the Internet and locate any printers their organization may have inadvertently exposed to the public.
Back in 2013, there were more than 86,000 publicly available HP printers indexed by Google. So how many printers (not just HP) are connected to the Internet in 2022, you ask?
With Censys Search, you can search our most recent scan of the entire IPv4 space for hosts running IPP using the query services.service_name="IPP"
As of our October 18th snapshot, there are over 270,000 Censys-visible printers connected to the Internet, and over 149,000 of those printers are located in the United States.
This visualization was generated using the Censys Reports feature, breaking down the results of the query services.service_name="IPP" by the attribute location.country
To see if your organization has any printers exposed, add a CIDR block or range of IP addresses to your Censys search:
services.service_name="IPP" AND ip:220.127.116.11/16
services.service_name="IPP" AND ip:[18.104.22.168 TO 22.214.171.124]
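For an organization with several address blocks, the two query forms above can be combined into one search and the results checked for IPP on ports other than 631. The following is an added example, not code from Censys: the function names are hypothetical, the record layout (ip, services, port, service_name) is assumed to mirror the query field names, and the sample hosts are constructed from documentation address space.

```python
import ipaddress

IPP_PORT = 631  # standard IPP port named in the article

def build_ipp_query(ranges):
    """Build one Censys query for IPP inside the given CIDRs / (first, last) ranges."""
    nets, spans = [], []
    for item in ranges:
        if isinstance(item, tuple):
            first, last = (ipaddress.ip_address(a) for a in item)
            if first > last:
                raise ValueError(f"range start is after range end: {item}")
            spans.append(f"ip:[{first} TO {last}]")
        else:
            # strict=False clears host bits, e.g. 198.51.100.17/24 -> 198.51.100.0/24
            nets.append(ipaddress.ip_network(item, strict=False))
    # Collapse overlapping or adjacent CIDRs so the query stays short.
    clauses = [f"ip:{n}" for n in ipaddress.collapse_addresses(nets)] + spans
    if not clauses:
        raise ValueError("no address ranges given")
    return 'services.service_name="IPP" AND (' + " OR ".join(clauses) + ")"

def triage(hosts, owned_cidrs):
    """List (ip, port, on_standard_port) for each IPP service on an owned address."""
    owned = [ipaddress.ip_network(c, strict=False) for c in owned_cidrs]
    findings = []
    for host in hosts:
        addr = ipaddress.ip_address(host["ip"])
        if not any(addr in net for net in owned):
            continue  # record outside our ranges: ignore
        for svc in host.get("services", []):
            if svc.get("service_name") == "IPP":
                findings.append((host["ip"], svc["port"], svc["port"] == IPP_PORT))
    return sorted(findings)

# Constructed sample records (assumed layout), not real scan data.
SAMPLE_HOSTS = [
    {"ip": "198.51.100.20", "services": [{"port": 631, "service_name": "IPP"},
                                         {"port": 80, "service_name": "HTTP"}]},
    {"ip": "198.51.100.77", "services": [{"port": 8631, "service_name": "IPP"}]},
    {"ip": "192.0.2.5", "services": [{"port": 631, "service_name": "IPP"}]},
]

if __name__ == "__main__":
    print(build_ipp_query(["198.51.100.17/24", ("203.0.113.10", "203.0.113.20")]))
    for ip, port, standard in triage(SAMPLE_HOSTS, ["198.51.100.0/24"]):
        print(ip, port, "standard port" if standard else "NON-STANDARD PORT")
```

Printers flagged on a non-standard port are the ones a firewall review that only looks at port 631 would miss.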
What to do if you find Internet-connected printers in your corporate infrastructure
If you find printers within your network that you were previously unaware of, we suggest that you identify the user who added the printer and determine if they’re actually using it. If they are, have a quick chat with them about how you’ll secure their printer and ensure that they can still use it for their needs. UC Berkeley offers a best practices guide for network printers that’s worth sharing internally if you’ve found a large number of unsecured printers on your networks.
Any printers that aren’t in use should be taken offline, since they’re doing you no good and they pose an unnecessary risk to your organization.
Send us a tweet with your own IPP findings. We’d love to hear from you.