Did you know your multifunction printer has its own backdoor WIFI?

Allen called me one day and said his printer was printing nonstop garbage. He wasn’t printing anything, but somebody was printing through WIFI. This print job was consuming his toner and paper. How did this happen?

I told Allen that in addition to joining your multi function printer to your office or home WIFI, you’ll find the printer broadcasts its own WIFI signal. You, or anybody close enough to the printer, can hop on that printer through that WIFI. A hacker could then cause mischief, including changing  the printer’s IP addresses or printing large print jobs that consume paper and toner. I am showing you how to identify your printer’s WIFI, and how to secure it.

Assumptions

1. My printer is an HP LaserJet 200 colorMFP M276nw. On my WIFI, it resides at 168.168.20.
2. This printer broadcasts its own WIFI. Hewlett-Packard calls this feature Wireless Direct Printing.
3. This printer broadcasts a wireless network with the name HP-Print-7d-LaserJet 200. The prefix HP-Print-7d- was mandated by HP. I set the suffix LaserJet 200.
4. The printer’s IP is 192.168.223.1.

How to find the printer

On a Windows 10 workstation with WIFI, you can click the taskbar’s network icon. I currently am not connected to a network. The icon looks like a globe. Click the globe and you see the available WIFI networks.

Join the HP-Print-7d-LaserJet 200 WIFI network. Remember, this is not my usual network. The printer creates and broadcasts this one.

Your computer tells you “No Internet, secured.” That is a good thing. You are on the printer’s WIFI but the printer is not letting you go upstream to the Internet. That’s what routers and modems do.

Verify you are on the printer’s WIFI. Launch a command prompt and run the ipconfig command. You’ll see

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix  . :
IPv4 Address. . . . . . . . . . . : 192.168.223.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Remember, this printer assigns itself IP 192.168.223.1. It also acts as a DHCP server. I can tell because it granted me IP 192.168.223.101. I also ping the printer at 192.168.223.1. and see four successes:

C:\Users\mark>ping 192.168.223.1

Pinging 192.168.223.1 with 32 bytes of data:

Reply from 192.168.223.1: bytes=32 time=3ms TTL=255
Reply from 192.168.223.1: bytes=32 time=15ms TTL=255
Reply from 192.168.223.1: bytes=32 time=6ms TTL=255
Reply from 192.168.223.1: bytes=32 time=8ms TTL=255
Ping statistics for 192.168.223.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 15ms, Average = 8ms

Too easy and too scary

You just joined the printer’s WIFI. That was too easy and too scary. I am saying that because you were not prompted for a passphrase. The printer was set to No Security.

Establish WIFI security

Change the security to prompt for a wireless encryption key. This is different on every printer. For this HP LaserJet, I logged into the printer’s web page at 192.168.223.1 and chose the networking tab.

Wireless Direct Printing is On (No Security).

Change Wireless Direct printing to On (With Security), type a Passphrase  and click Apply.

This boots you off the printer’s network, which is a good thing. You can now reconnect to the printer’s WIFI. Your computer prompts you for the passphrase.

Summary

Your printer creates its own WIFI that lets you connect to it without having an Internet connection. The problems are a) most are not secure by default and b) this presents a backdoor for a hacker to commit mischief, at your expense.

***

Cyber Safety Net – keeping you safe online. See https://cybersafetynet.net/cyber-protection-suite/ to learn more about the Cyber Protection Suite. Other resources include https://www.forbes.com/sites/theyec/2017/12/04/why-cybersecurity-matters-to-your-business/#5f7c892367c6 and https://youtu.be/sdpxddDzXfE.

Mark Anthony Germanos is the author of How Hacks Happen and a certified ethical hacker. He shows how computer hackers exploit your corona virus fears. Visit https://howhackshappen.com today and read three chapters for free.