Office printers are often overlooked security vulnerabilities. Learn how to secure your printers and multifunction devices against cyber threats.
When businesses conduct security audits, they typically focus on endpoints, servers, and network perimeter. Printers — particularly modern multifunction devices (MFDs) — are routinely overlooked. This oversight is significant, because a modern networked printer is, functionally, a computer.
It runs an operating system. It has a web interface. It stores data. It connects to email, cloud services, and corporate directories. And it is almost never patched, hardened, or monitored.
What Makes Modern Printers a Security Risk
They Run Full Operating Systems
Enterprise multifunction printers from manufacturers like HP, Xerox, Canon, and Ricoh run embedded Linux or custom operating systems with web-based management interfaces. These interfaces are accessible over the network — often with default credentials that have never been changed.
An attacker with network access who discovers a printer running default admin credentials (admin/admin, or admin/[model number]) has access to the printer’s full configuration, including email settings, stored documents, and network credentials.
They Store Sensitive Documents
Modern MFDs have onboard storage — hard drives or flash memory — that retains copies of scanned, printed, and copied documents. A printer that has processed medical forms, legal documents, financial statements, or HR records over its service life has accumulated a significant store of sensitive information.
This matters particularly at end of life. A printer sold, returned at lease end, or disposed of without storage wiped is a data exposure event. This has produced documented breaches — researchers purchasing used office printers and recovering thousands of sensitive documents from onboard storage.
They Send Email and Connect to Cloud Services
Scan-to-email is a standard feature. To function, the printer needs email credentials — either an SMTP username and password, or OAuth credentials for Microsoft 365 or Google Workspace. These credentials are stored in the printer’s configuration and may grant access beyond what is needed for printing.
If a printer’s email account is compromised, it can be used to send phishing emails internally or exfiltrate documents.
They Are Rarely Patched
Printer firmware receives security updates from manufacturers. These updates patch vulnerabilities in the web interface, embedded OS, and communication protocols. In most organisations, printer firmware has never been updated since installation.
HP has disclosed multiple critical vulnerabilities in its enterprise printer line (the “PrintNightmare” class of vulnerabilities affecting print spoolers is the most famous, but printer-specific firmware vulnerabilities are ongoing). Without firmware updates, these vulnerabilities remain exploitable indefinitely.
Securing Your Print Environment
Change Default Credentials Immediately
Every networked printer has a web management interface, typically accessible via the printer’s IP address in a browser. The first action when deploying any printer should be changing the admin password from the default to a strong, unique credential stored in your password manager.
Check your existing fleet: open a browser, type the printer’s IP address, and see if you can access the admin panel with the default credentials. If you can, so can any attacker on your network.
Segment Printers on a Separate VLAN
Printers do not need direct communication with most devices on your network. Placing them on a separate VLAN — accessible for print jobs, but isolated from lateral movement to other network segments — limits the damage if a printer is compromised.
This is a standard network design principle: IoT devices (printers, cameras, access control systems) belong on separate network segments, not the same flat network as your laptops and servers.
Disable Unnecessary Services
Modern printers ship with many services enabled by default: FTP, Telnet, older network protocols, unused cloud connectors. Disable anything not actively used. The smaller the attack surface, the fewer vulnerabilities can be exploited.
Common services to review:
- FTP (almost never needed — disable)
- Telnet (unencrypted management — disable)
- SNMPv1/v2 (use v3 with authentication, or disable if not monitored)
- Unused cloud connectors (Google Drive, Dropbox, etc.)
Update Firmware Regularly
Check the manufacturer’s website (or your RMM tool, if it covers printers) for firmware updates. Most enterprise printer manufacturers release firmware updates quarterly to address security vulnerabilities. Apply these updates.
For larger printer fleets, solutions like HP Web Jetadmin or manufacturer-specific fleet management tools allow centralized firmware updates across all devices.
Secure Document Storage and Print Release
For organisations that print sensitive documents, implement pull printing (also called “follow-me printing” or “secure print release”): print jobs are held in a queue and released only when the user authenticates at the printer (via PIN, card swipe, or app). This prevents sensitive documents sitting in the output tray uncollected.
Microsoft Universal Print and most enterprise MFD platforms support pull printing with Entra ID authentication.
Wipe Storage Before Disposal
Before any printer leaves your organisation — end of lease, sale, or recycling — the onboard storage must be wiped. Most enterprise MFDs have a factory reset or storage wipe function in the admin interface. Use it. If you are uncertain whether the wipe is thorough, request a certified destruction certificate from your disposal vendor.
Including Printers in Your Security Programme
The fix for printer security is not complex — it is a matter of including printers in the same security disciplines applied to other networked devices: asset inventory, credential management, patching, network segmentation, and end-of-life data wiping.
CX IT Services includes print environment security in our managed IT service assessments for Melbourne businesses. Contact us to discuss whether your printers have been secured.
