What a YouTube publicity stunt tells us about device security
Just recently, 50,000 printer owners got an unexpected result out of their devices. Not so much a paper jam or out-of-ink message — we’ve all been there — but instead a message imploring users to subscribe to Internet “celebrity” PewDiePie’s YouTube channel and unsubscribe from an Indian-produced channel that in recent months has surpassed his in popularity.
The size of the Internet being what it is, the odds are actually pretty good that very few — and quite possibly no — recipients actually cared either way, except that it wasted both their time and their printing resources. It’s a very Internet-age prank, and it’s at least substantially less destructive than matters such as malware, or even the decades-old equivalent of sending pitch black pages to faxes in order to waste paper and resources.
However, it’s still a hearty reminder of the consequences of living in an always-connected world, because the message was sent directly to the affected printers. This wasn’t a message that the 50,000-odd users opted to print from their own emails, or even a malware package on a PC or Mac directing their printers to do so.
That’s because all of the printers involved had direct Internet connectivity in their own right, part of what’s broadly been called the “internet of things” approach. An Internet-connected printer can be a remarkably useful device, for a couple of simple reasons. Firstly, if the manufacturer does have a software upgrade to fix bugs or add new features, it can deliver it direct to the printer at a time when it’s not in use. You don’t have to mess around with downloading fresh firmware upgrades and applying them, and you don’t miss out on any new improvements simply because you didn’t know about them.
An Internet-connected printer can also, obviously, print from just about anywhere, which could be very useful if you know you’ll need a print copy of a document the moment you get into the office or back home, without having to wait to connect at home for it to produce your documents. Some manufacturers have taken this concept further, with on-demand printing services that can deliver a variety of information to your printer on a schedule.
All of these convenience features, however, rely on the underlying security being essentially sound, and that can be a somewhat tough task. There’s a lot that can go wrong to make a seemingly secure device less robust, from the way the device itself is configured, to any firewall rules sitting on a router or connected computer, and even to the way the rest of your home or work network is actually configured.
So what can you do at a practical level to prevent this kind of prank (or worse) hitting your printer? Here’s a couple of steps to follow:
- Make sure your printer software is up to date. This is a bit of a no-brainer, but it’s worth repeating, because in the wake of this particular effort, it’s reasonable to expect to see a wave of updates addressing the kinds of flaws that left so many vulnerable systems out there. Security bugfixes are pretty common in printer updates, and it’s worth staying up-to-date.
- Consider if it’s worth having your printer online in the first place. If you only ever print from home, and especially if it’s only via a connected USB cable, disable those features.
This will vary by printer model — it’s usually a software setting that will reference either printing from the Internet or “cloud” printing or similar — but if there’s no way for you to do it from an online source, there’s no way for the miscreants to do so either.
Disabling online printing won’t stop you printing from your computer on the same network or via a cabled connection — it’ll just stop the wider world from peering in if there is a security flaw.
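
One way to confirm the result on a printer you own, as an added example that is not part of the original article: the script below tries the three standard network printing ports and reports which ones still answer, along with whether the printer's address is public or private. The port list (LPD 515, IPP 631, raw 9100) is an assumption, since the article names no ports, and the address 192.168.1.50 is constructed.

```python
import ipaddress
import socket

# Standard network printing ports (assumption: the article names none).
PRINT_PORTS = {515: "LPD", 631: "IPP", 9100: "raw/JetDirect"}


def open_print_ports(host, ports=PRINT_PORTS, timeout=1.0):
    """Return {port: service} for each listed port that accepts a TCP connection."""
    found = {}
    for port, service in sorted(ports.items()):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found[port] = service
        except OSError:
            # Refused, timed out or unreachable: treat the port as closed.
            pass
    return found


def exposure_report(host, ports=PRINT_PORTS, timeout=1.0):
    """Summarise which print services a printer you own is offering.

    host must be an IP address literal (IPv4 or IPv6), not a hostname.
    """
    addr = ipaddress.ip_address(host)
    listening = open_print_ports(host, ports, timeout)
    if not listening:
        verdict = "no print services answering"
    elif addr.is_global:
        # A public address means anyone on the Internet can reach these ports.
        verdict = "print services on a public address: firewall or disable them"
    else:
        # Private address: reachable from outside only if the router forwards it.
        verdict = "print services on a private address: check router port forwarding"
    return {"host": host, "listening": listening, "verdict": verdict}


if __name__ == "__main__":
    # Constructed address; substitute your own printer's.
    print(exposure_report("192.168.1.50"))
```

Run it from a computer on the same network as the printer, before and after changing the setting; services you have disabled should drop out of the `listening` entry.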