Skip to content
The New Era of Internet Exposure: What It Means for Security Teams | Stream Now
Blog

Who’s Down with IPP? Finding Internet-Connected Printers with Censys

Share

October 31, 2022

 

In the Internet of Things (IoT) arena, printers might seem like the least of our problems. We’ve got new smart home devices connecting to the Internet every day—refrigerators, home security systems, washing machines (spoiler alert, your clothes are now clean and, no, you probably don’t need an app to know that). Arguably more worrisome are the IoT devices and servers that the public and private sector rely on to run their organizations. These devices contain sensitive data, unlike many home IoT servers, which can be used for denial-of-service (DoS) attacks.

Why does it matter?

Printers may seem like the least interesting devices in the IoT realm, but every device that’s connected to the Internet can present an open doorway into your networks. It’s easy to forget that these printers are computers in their own right. If not properly secured they can introduce a security risk.

The biggest issue is that IT and security teams often have no visibility into what printers are connected to their networks. They can’t batten down the hatches when they don’t know about potential vulnerabilities. That’s where Internet scanning data comes in.

Finding printers with Censys data

Internet Printing Protocol (IPP) is a common protocol used for communication between printers and computers. Censys can detect IPP on any port, even if it’s not the standard IPP port 631. This allows anyone to get a quick read of how many printers are connected to the Internet and locate any printers their organization may have inadvertently exposed to the public.

Back in 2013, there were more than 86,000 publicly available HP printers indexed by Google. So how many printers (not just HP) are connected to the Internet in 2022, you ask?

A lot.

With Censys Search, you can search our most recent scan of the entire IPv4 space for hosts running IPP using the query services.service_name=”IPP”

 

Screenshot looking for IPPs on Censys Search

 

 

As of our October 18th snapshot, there are over 270,000 Censys-visible printers connected to the Internet, and over 149,000 of those printers are located in the United States.

Bar chart of printers visible on Censys Search

 

This visualization was generated using the Censys Reports feature, breaking down the results of the query services.service_name=”IPP” by the attribute location.country

To see if your organization has any printers exposed, add a CIDR block or range of IP addresses to your Censys search:

services.service_name=”IPP” AND ip:198.82.0.0/16

OR:

services.service_name=”IPP” AND ip:[198.82.0.0 TO 198.82.255.255]

What to do if you find Internet-connected printers in your corporate infrastructure

If you find printers within your network that you were previously unaware of, we suggest that you identify the user who added the printer and determine if they’re actually using it. If they are, have a quick chat with them about how you’ll secure their printer and ensure that they can still use it for their needs. UC Berkeley offers a best practices guide for network printers that’s worth sharing internally if you’ve found a large number of unsecured printers on your networks.

Any printers that aren’t in use should be taken offline, since they’re doing you no good and they pose an unnecessary risk to your organization.

Send us a tweet with your own IPP findings. We’d love to hear from you.

 

About the Author
Himaja Motheram
Security Research Intern
Himaja Motheram is the 2022 Security Research Intern at Censys, working on projects providing insights using Censys Search data. She's currently studying Computer Engineering at the University of Michigan, Ann Arbor.
Attack Surface Management Solutions
Learn more