Is it really important to update printer firmware
Is it really important to update printer firmware
It’s not just software developers who release updates for their programs. Even hardware device manufacturers frequently release software updates, at least until the device is declared no longer supported (EoL, End-of-Life ).
These update packages are called firmware updates. In fact, the term firmware refers to the software incorporated into an electronic device, such as a printer, a router, a smartphone, or a television. For desktop and notebook PCs we most commonly talk about updating the BIOS, also in its more modern variant called UEFI.
The firmware resides on a non-volatile memory which is integrated into the device itself and is used to control the hardware functions of the device and manage its operation.
What is printer firmware?
The printer firmware controls the data flow between the computer and the printer itself and regulates paper feed, print head movement, ink temperature, and much more.
Firmware may occasionally be updated by the manufacturer to fix bugs, improve security, and introduce new features. The update procedure can be automatic but in most cases, it must be expressly confirmed and authorized by the user. Indeed, we suggest checking in the printer settings that the firmware installation does not take place automatically.
Updating the firmware of a printer can be performed through a specific procedure described by the device manufacturer: in some cases, the printer downloads the new firmware and then asks for confirmation for installation (it is necessary to act on the screen on the body of the printer ).
In other cases, the update can be requested from the printer administration web interface: for network printers, the application of the updated firmware can be requested via the panel that responds to the private IP address of the printer.
Again, the installation of the updated firmware can be done through the interface of the printer driver or through dedicated software.
To update or not to update printer firmware?
Updating the printer firmware can be useful for improving functionality, solving bugs and anomalous behavior, compatibility, and security issues.
Let’s focus on the security aspect: printers are everywhere. They are in businesses large and small, in our homes, and in schools.
Can they pose a threat to the security, integrity, confidentiality, and availability of data?
In the pages of IlSoftware.it we have often talked about vulnerabilities affecting the printers of various manufacturers. In many cases there are risks of Remote Code Execution (RCE): this means that an attacker, exploiting one or more security holes inherent in the firmware of the printer, can execute arbitrary code.
The printer firmware may contain security vulnerabilities
There is a document entitled Exploiting Network Printers elaborated some time ago by Jens Müller which is still very current and which offers very precise indications on how to exploit the vulnerabilities present in modern printers.
A printer exposes various communication ports on the local network: it is easy to notice by scanning with Nmap (command nmap -A printer-IP-address ) or with the Android app called Fing: in this case, just tap on the name of the connected printer in the local network than on the Find open ports icon.
Is it really important to update printer firmware?
The printer manufacturer, as stated in the security bulletins that are published, often finds itself in the position of having to resolve vulnerabilities inherent in the server components used by the device. Without a corrective patch, an attacker could find himself executing arbitrary code on the printer with the ability not only to monitor and push print jobs to remote servers but also to use the printer to launch an attack against other connected devices on the local network.
The correction of the vulnerabilities gradually identified in the various printer models comes through the distribution of updated firmware.
However, there is also the flip side: as we have observed previously, the firmware not only solves security and compatibility problems but is also used by manufacturers to change the behavior of the printer.
Firmware as a tool to prevent or hinder the use of non-genuine cartridges
In recent years, printer manufacturers have increasingly used firmware updates to lock down printers that use non-genuine cartridges.
The Italian Antitrust has specified that the procedure is not illegitimate in itself but becomes illegitimate if the manufacturer does not promptly and correctly inform the consumer, before purchasing the printer, about the need to use original cartridges.
After having sanctioned HP, the AGCM ( Authority for Competition and the Market ) ordered Epson and Lexmark to inform users about printers that do not accept non-original compatible cartridges.
So let's go back to the starting question: should the firmware be updated or not?
When to update the firmware
Before updating the firmware, you should always carefully read the changelog or the release notes of the new firmware version distributed by the manufacturer.
If the firmware fixes security issues and known bugs, it should generally be downloaded and installed.
However, if non-original cartridges are used, it is advisable to exercise a little more caution: it is advisable to combine the information deriving from some simple searches on the net and those provided by the manufacturer at the time of purchase in order to verify that with the installation of the new firmware does not block the printer.
A printer is usually located behind the firewall and NAT 1 (known) functionality of the router: this means that normally the ports exposed by the printer firmware are not publicly reachable on the public IP address.
The important thing is to check the open ports on the router and public IP, avoiding some of them are directly reachable from remote IP addresses (unless there is a real pressing need).
If the communication ports of the printer are not reachable via the Internet, what is the need to install a firmware update containing fixes for any security problems?
This is definitely a good question. As mentioned, firewalls and NAT on the router protect individual devices connected to the local network, including printers, from attacks from outside. However, code running inside the LAN could open printer ports on the public IP address on which a vulnerable software component is listening, for example via UPnP ( Universal Plug and Play ), or directly exploit the security flaw using a chain of exploits.
In the case of a router, normally the firmware update released by the manufacturer should be promptly installed, precisely because we are dealing with a device that acts as an interface between the local network and the Internet, with all that terms of security.
If you decide not to install a firmware update for your printer that (also) fixes security issues, you should weigh your choice against the pros and cons.
In a controlled network environment, where the chances of malicious code being executed are minimal, it may make sense to avoid installing updated firmware for the printer, especially if it could negatively impact the operation of the device such as the use of non-original cartridges.
Is it possible to downgrade the firmware of the printer?
In general, in case of problems, it is possible to downgrade the firmware of the printer or go back to the previous version of the software that governs the operation of the device.
This is particularly feasible if the printer manufacturer provides an older version of the firmware and if the printer itself supports downgrading.
Of course, downgrading the firmware may result in the loss of some important features or bug fixes that are present in the newer versions.
Also, some manufacturers may limit your ability to downgrade the firmware or may even prevent you from doing so.
Before starting a firmware update, it is therefore always good to check the manufacturer’s website to see if the downgrade practice is supported.
1 NAT (Network Address Translation) is a networking feature that allows devices within a local area network to access the Internet using a single public IP address. NAT hides internal IP addresses of the local network that cannot be directly discovered by remote devices.
While NAT can help improve network security, it cannot strictly speak and be considered a complete security feature. NAT offers no protection against cyber attacks such as viruses, malware, DDoS attacks, phishing attacks, and other cyber threats. Also, NAT offers no protection for data that is transmitted over the local network or the Internet.
