Scanning for Fun and Profit

Today I purchased a new printer for my home office, a HP Deskjet 3070a (mostly because of my wife’s persistence on having an iPad compatible printer). This wireless printer is typical amongst those found in homes today, offering WiFi connectivity and internet enabled printing, but the thing that struck me was just how this tech worked from a security perspective, after all, with unsecured Wifi networks unfortunately common in neighbourhoods, just what could an attacker do with a printer / scanner?

The first thing that I did was fire up Wireshark to see exactly how my laptop communicated with the scanner over the network. I half expected to see some proprietary communication between the driver and the printer, but no, the scanner actually uses standard unencrypted HTTP and XML to send job information and retrieve information on the scanner. Perhaps the most alarming (but unfortunately not unexpected) feature was the lack of any authentication when communicating.

I was quickly able to create a simple tool for retrieving a scanned document from the scanner which I have published here. This small tool simply sends enough information to request a raw image from the scanner, using Python Imaging Library to convert this to a bitmap. It’s a bit flaky at best, but it helps prove the point that if an attacker is able to access your wireless network, even something as innocent as your printer / scanner combo may be at risk. You may wish to think twice about what you leave on your scanner glass.