
Printer Security: Your Office Printer Stores Every Document and Can Be Hacked

Printers store copies of every document on internal hard drives, can be hacked remotely, and print invisible tracking dots. Learn the hidden security risks of office printers and how to protect sensitive documents.

LOCK.PUB
2026-03-16

The office printer sits in the corner, quietly doing its job. Print, scan, copy, fax. Nobody thinks of it as a security risk. But that multifunction printer is a computer with a hard drive, a network connection, and firmware that is rarely updated. It stores copies of everything it processes, it can be hacked remotely, and it prints invisible tracking dots on every page.

Your Printer Has a Hard Drive

Most modern office printers and multifunction devices contain internal hard drives or solid-state storage. Every document you print, scan, copy, or fax is stored on this drive — often indefinitely.

What Gets Stored

  • Print jobs — Full copies of every document sent to the printer
  • Scan data — Every document scanned, including to email
  • Copy data — Documents placed on the scanner for copying
  • Fax logs — Sent and received faxes with full content
  • User credentials — Login information if the printer connects to network shares or email servers
  • Network configuration — IP addresses, DNS settings, connected devices

A 2019 investigation by CBS News purchased used printers from warehouse sales and recovered tens of thousands of documents from their hard drives — including medical records, police reports, and tax returns.

Printers Can Be Hacked

Printers run operating systems, connect to networks, and often have default passwords that are never changed. They are among the most overlooked attack vectors in corporate and home networks.

Common Printer Vulnerabilities

| Vulnerability | Risk |
| --- | --- |
| Default admin passwords | Full control of printer settings and stored data |
| Outdated firmware | Known exploits that are never patched |
| Open network ports | Direct access from the internet (especially port 9100) |
| LDAP/SMB integration | Credentials for network resources stored in printer memory |
| Print job interception | Man-in-the-middle capture of documents in transit |
| USB port exploitation | Physical access allows direct data extraction |

Real Attacks

2017 — Stackoverflowin: A hacker exploited open port 9100 on over 150,000 printers worldwide, forcing them to print ASCII art with a warning message about printer security.

2018 — PewDiePie Printer Hack: Another hacker exploited the same vulnerability to print messages on over 50,000 printers, demonstrating that most networked printers have zero security.

2020 — PrintDemon & PrintNightmare: Critical vulnerabilities in Windows Print Spooler allowed attackers to execute arbitrary code with system-level privileges through the print service.

Invisible Tracking Dots

Most color laser printers embed nearly invisible yellow dots on every page they print. These dots encode the printer's serial number, date, and time of printing. They are called Machine Identification Codes (MIC) or printer steganography.

How Tracking Dots Work

  • Pattern: Tiny yellow dots arranged in a grid, repeated across the page
  • Size: Approximately 0.1 mm in diameter — invisible to the naked eye
  • Content: Printer serial number, date, and time of printing
  • Visibility: Can be seen under blue light or by scanning at high resolution
  • Purpose: Originally developed to help law enforcement trace counterfeit currency

Who Uses This Data

  • Law enforcement — The NSA and FBI have used tracking dots to identify leakers. In 2017, Reality Winner was identified as the source of a classified NSA document partly through the tracking dots on the printed pages.
  • Printer manufacturers — The encoded serial number links directly to the purchaser
  • Intelligence agencies — Multiple governments maintain databases of printer identification codes

Printers Known to Print Tracking Dots

The EFF (Electronic Frontier Foundation) maintains a list of printers that print tracking dots. Most major manufacturers are included: HP, Canon, Epson, Brother, Xerox, Lexmark, Samsung, and Dell.

How to Protect Your Printer

Network Security

  1. Change default passwords — The single most important step. Every printer has an admin panel, usually at its IP address in a browser
  2. Update firmware — Check for updates quarterly. Most printers have not been updated since installation
  3. Isolate on a separate VLAN — Keep printers on a network segment away from sensitive systems
  4. Disable unused protocols — Turn off FTP, Telnet, SNMP v1/v2, and any other protocol you do not use
  5. Close port 9100 — Block the raw printing port from external access at the firewall
  6. Enable encryption — Use IPPS (encrypted printing) instead of raw IPP
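
To verify steps 4 to 6 on your own network, you can scan the printer segment from outside its VLAN and check the results against the list above. The following is an added example, not part of the original article: it parses Nmap grepable output (`-oG`) and reports which hardening steps still need attention. The port numbers are the conventional defaults and the scan lines are a constructed sample.

```python
import re

# Conventional default ports for the services named in the steps above.
# (Assumption: your printers use the defaults; adjust if they do not.)
CHECKS = {
    (21, "tcp"): "FTP enabled: disable if unused",
    (23, "tcp"): "Telnet enabled: disable if unused",
    (161, "udp"): "SNMP answering: confirm v1/v2 are turned off",
    (631, "tcp"): "IPP reachable: confirm TLS (IPPS) is required",
    (9100, "tcp"): "raw print port reachable: block at the firewall",
}

# One entry in the Ports: field looks like 9100/open/tcp//jetdirect///
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/")

# Constructed sample of grepable output for two printers.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 10.0.20.15 ()\tStatus: Up\n"
    "Host: 10.0.20.15 ()\tPorts: 23/open/tcp//telnet///, "
    "80/open/tcp//http///, 9100/open/tcp//jetdirect///\t"
    "Ignored State: closed (997)\n"
    "Host: 10.0.20.16 ()\tPorts: 443/open/tcp//https///, "
    "631/open/tcp//ipp///, 9100/filtered/tcp//jetdirect///\n"
)

def audit(grepable_text):
    """Return {host: [finding, ...]} for every host with a flagged open port."""
    findings = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and Status-only lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if not m or m.group(2) != "open":
                continue  # closed, filtered and open|filtered are not findings
            port, proto = int(m.group(1)), m.group(3)
            note = CHECKS.get((port, proto))
            if note:
                findings.setdefault(host, []).append(f"{port}/{proto} {note}")
    return findings

if __name__ == "__main__":
    for host, notes in audit(SAMPLE).items():
        for note in notes:
            print(f"{host}: {note}")
```

A filtered port 9100, as on the second sample host, means the firewall rule from step 5 is already doing its job from that vantage point.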

Data Protection

  1. Enable disk encryption — Many enterprise printers support hard drive encryption
  2. Set automatic data overwrite — Configure the printer to overwrite stored data after each job
  3. Physically destroy drives — When decommissioning a printer, remove and destroy the hard drive
  4. Disable scan-to-email — If not needed, disable features that store credentials
  5. Use pull printing — Documents only print when authenticated at the device

Document Security

  • Avoid printing sensitive documents when possible — share digitally through encrypted channels instead
  • Use black-and-white printing for sensitive documents — tracking dots only appear on color laser prints
  • Account for tracking dots in your threat model if document anonymity matters

The Bigger Problem: Document Sharing

The printer is the last mile of a document's journey. But the entire chain matters — from creation to sharing to printing to disposal.

Most data leaks happen not at the printer, but during sharing. Documents sent as email attachments, shared through messaging apps, or stored in unprotected cloud folders are far more likely to be compromised than printed copies.

When you need to share sensitive documents or the credentials to access them, use encrypted channels. LOCK.PUB lets you create password-protected links that expire automatically. Instead of emailing a password for a shared document through Messenger or iMessage — where it sits in chat history forever — share it through a self-destructing link.

When Decommissioning a Printer

Printers at end-of-life are a major data leak risk. Before selling, recycling, or disposing of a printer:

  1. Factory reset is not sufficient — data can still be recovered
  2. Use the manufacturer's data sanitization tool if available
  3. Remove the hard drive and physically destroy it
  4. Clear all stored credentials, scan logs, and fax history
  5. Remove the printer from all network access lists and directory services

Conclusion

Your printer is a computer that no one patches, no one monitors, and no one thinks about. It stores your documents, it can be attacked remotely, and it marks every page with invisible codes that identify it.

Take 15 minutes to secure your printer: change the password, update the firmware, enable encryption. And for sensitive documents, consider whether you need to print them at all. Digital sharing through encrypted, self-expiring tools like LOCK.PUB leaves no physical trail and no stored copies on printer hard drives.

The most secure document is the one that was never printed.
