
How to Prevent Malware from Abusing Network Printers

Difficulty: Intermediate
Time: 30-60 minutes
Category: Printer Issues

Concerned about malware using your printer to spread or spy? Here's how to secure network printers against malicious software and attacks.

Quick Checks (Do These First)

  • Is the printer reachable from the internet? If your router has any port forwarded to it, or UPnP opened one, that's the single most urgent thing on this page. A printer should never be internet-facing.
  • Is the firmware current? Check the model's support page for the latest version and compare. Unpatched firmware is the most common real-world weakness.
  • Are the admin credentials still default? Default printer passwords are publicly documented per model. If it's unchanged, treat the device as already exposed.

πŸ”The One Question That Sets Your Priorities

Before working through settings, answer this: can the printer be reached from outside your LAN, and can it initiate connections outbound? Those two facts decide everything. A printer that is internet-reachable is an emergency: fix that before anything else, because no internal hardening matters while it's exposed. A printer that's LAN-only but can freely talk out to the internet is the next priority, because that outbound path is how a compromised printer exfiltrates spooled documents or pulls a payload. A printer that is LAN-only, can't be reached from outside, and can't initiate outbound connections is in a fundamentally safer position even before you harden the rest. Establish those two answers first; they tell you whether you're doing emergency containment or routine hardening, and they reorder every step below accordingly.

Step-by-Step Fixes

Fix 1: Patch Firmware, Then the Print Hosts

Firmware patches are the only thing that closes known device-level holes.

  1. Get the printer's IP from a network config page; open http://[printer-ip] and log in.
  2. Update firmware from the printer's menu or the manufacturer's model-specific download page (HP, Canon, Epson, Brother all publish per-model firmware).
  3. Separately, patch the computers: Windows Update closes the Print Spooler vulnerabilities (PrintNightmare, CVE-2021-34527); update CUPS on Linux/Mac print hosts.
  4. Both ends matter: a patched printer behind unpatched Windows machines is still exposed via the host.

Fix 2: Replace Defaults, Cut the Attack Surface

  1. Change the admin credential to something long and unrelated to the brand/model.
  2. Force HTTPS-only for the web interface; disable plain HTTP.
  3. Disable services you don't use: Telnet and FTP first (unencrypted, frequently abused), then LPD if you use IPP, and UPnP (it can punch holes in your router).
  4. If you use SNMP for monitoring, move to SNMPv3 and disable v1/v2c, which send community strings in cleartext.
  5. Disable cloud-print features (ePrint and similar) unless you actively rely on them; they create an outbound path off your network.
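
A way to confirm the service changes above took effect, as an added example that is not part of the original page: it checks which TCP services the printer still answers on and lists the ones these steps say to turn off. Port numbers other than 9100 and 631 are the standard assignments for those services, and the printer address is a placeholder.

```python
import socket

# Action per TCP service, following the steps above. 9100 and 631 are the
# printing ports this page names; the other port numbers are the standard
# assignments for those services. SNMP runs over UDP and is not covered here.
POLICY = {
    23: ("Telnet", "disable"),
    21: ("FTP", "disable"),
    80: ("HTTP", "disable, web interface should be HTTPS-only"),
    515: ("LPD", "disable if you print over IPP"),
    443: ("HTTPS", "keep"),
    631: ("IPP", "keep"),
    9100: ("raw printing", "keep"),
}


def open_tcp_ports(host, ports, timeout=1.0):
    """Return the ports on host that accept a TCP connection."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            if sock.connect_ex((host, port)) == 0:
                found.append(port)
    return found


def findings(open_ports):
    """Return (port, service, action) for open ports that need attention."""
    rows = []
    for port in sorted(open_ports):
        service, action = POLICY.get(port, ("unknown service", "identify, then disable"))
        if action != "keep":
            rows.append((port, service, action))
    return rows


if __name__ == "__main__":
    printer = "192.0.2.50"  # placeholder address: replace with your printer's IP
    for port, service, action in findings(open_tcp_ports(printer, POLICY)):
        print(f"{port}/tcp {service}: {action}")
```

Run it from a PC on the same network as the printer; an empty result means none of the listed services to disable is still listening.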

Fix 3: Contain It on the Network (The Real Fix)

Hardening reduces risk; containment limits the damage when something gets through anyway. This is the highest-value step.

  1. Put the printer on a separate VLAN or guest/IoT network, away from PCs and file shares.
  2. Firewall rules: allow PCs → printer on printing ports only (9100, 631); block printer → main LAN; block or tightly restrict printer → internet.
  3. If you can't segment, use host firewalls to block inbound from the printer's IP except printing ports, and deny it file-sharing/admin protocols.

Done right, a compromised printer can't reach your computers and can't call out, which neutralizes most of what printer malware is designed to do.
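
The containment rules above can be checked on paper before they go onto a router. This added example (not from the original page) evaluates a ruleset against the flows the step calls for and shows a flawed ruleset beside a corrected one. The addressing is constructed, first-match rule evaluation is an assumption about your firewall, and port 445 stands in for file sharing.

```python
from ipaddress import ip_address, ip_network

LAN, PRINTERS, ANY = "192.168.10.0/24", "192.168.20.0/24", "0.0.0.0/0"  # constructed

# Rule: (action, source net, destination net, destination TCP ports; None = any)
FLAWED = [
    ("allow", LAN, PRINTERS, {9100, 631}),
    ("deny", PRINTERS, LAN, None),
    ("deny", PRINTERS, ANY, None),
    ("allow", LAN, ANY, None),   # also matches LAN -> printer on every other port
]
# Corrected: an explicit deny for the rest of LAN -> printer, ahead of the broad allow.
FIXED = FLAWED[:1] + [("deny", LAN, PRINTERS, None)] + FLAWED[1:]

# Flows the containment step calls for: (description, src, dst, port, expected)
PC, PRINTER, INTERNET = "192.168.10.5", "192.168.20.9", "203.0.113.10"
EXPECTED = [
    ("PC -> printer raw print 9100", PC, PRINTER, 9100, "allow"),
    ("PC -> printer IPP 631", PC, PRINTER, 631, "allow"),
    ("PC -> printer Telnet 23", PC, PRINTER, 23, "deny"),
    ("printer -> PC file sharing 445", PRINTER, PC, 445, "deny"),
    ("printer -> internet 443", PRINTER, INTERNET, 443, "deny"),
]


def decide(rules, src, dst, port, default="deny"):
    """First matching rule wins. Models new connections only, not reply traffic."""
    for action, src_net, dst_net, ports in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and (ports is None or port in ports)):
            return action
    return default


def audit(rules, default="deny"):
    """Return the expected flows that the ruleset decides differently."""
    return [desc for desc, src, dst, port, want in EXPECTED
            if decide(rules, src, dst, port, default) != want]


if __name__ == "__main__":
    for name, rules in (("flawed", FLAWED), ("fixed", FIXED)):
        print(name, audit(rules) or "matches the intended policy")
```

The flawed ruleset looks isolated but its broad LAN allow rule still lets PCs reach the printer's Telnet port, which is the "printing ports only" requirement failing silently.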

Fix 4: Require Authentication and Watch the Logs

  1. Enable user authentication / secure (pull) printing so background processes can't just spray jobs; disable anonymous printing.
  2. Where supported, restrict by device via an IP/MAC ACL, or 802.1X / IPsec on capable networks.
  3. Turn on logging; review job history for jobs you didn't send, odd-hours activity, or failed logins. Unexplained jobs are an early compromise signal: investigate, don't ignore.
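
The log review in step 3 can be scripted once the job history is exported. This is an added example, not from the original page: the CSV layout, the sample entries, the known-host list, the working hours and the failed-login threshold are all constructed assumptions, and "jobs you didn't send" is approximated as jobs from hosts that are not on the known list.

```python
import csv
from collections import Counter
from datetime import datetime
from io import StringIO

# Constructed sample in a hypothetical CSV export format: time,event,source,user.
# Real printers log differently; adapt the parsing to your model's export.
SAMPLE_LOG = """\
2024-05-06T09:14:02,job,192.168.10.5,alice
2024-05-06T14:40:51,job,192.168.10.6,bob
2024-05-07T02:31:17,job,192.168.10.6,bob
2024-05-07T02:33:40,job,192.168.10.77,-
2024-05-07T02:35:01,login_failed,192.168.10.77,admin
2024-05-07T02:35:04,login_failed,192.168.10.77,admin
2024-05-07T02:35:09,login_failed,192.168.10.77,admin
2024-05-07T10:02:30,login_failed,192.168.10.5,alice
"""

KNOWN_HOSTS = {"192.168.10.5", "192.168.10.6"}  # PCs expected to print (assumption)
WORK_HOURS = range(7, 20)                        # 07:00-19:59 counts as normal
FAILED_LOGIN_LIMIT = 3                           # failures per source before flagging


def review(log_text):
    """Return (timestamp, source, reason) findings for the three signals above."""
    rows = [row for row in csv.reader(StringIO(log_text)) if row]
    findings = []
    failures = Counter(src for _, event, src, _ in rows if event == "login_failed")
    for stamp, event, src, _user in rows:
        if event != "job":
            continue
        if src not in KNOWN_HOSTS:
            findings.append((stamp, src, "job from unknown host"))
        if datetime.fromisoformat(stamp).hour not in WORK_HOURS:
            findings.append((stamp, src, "job at odd hours"))
    for src, count in failures.items():
        if count >= FAILED_LOGIN_LIMIT:
            findings.append(("-", src, f"{count} failed logins"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="  ")
```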

Where DIY Stops, and Why

The web-interface settings above are doable at home. The parts that decide whether this actually holds are not:

  • True network segmentation. A real printer VLAN with enforced firewall rules requires a router or switch that supports it and a correct ruleset. Done wrong, you either don't get isolation (false security) or you break legitimate printing, and verifying which one you got isn't visible from the printer.
  • Confirming a suspected compromise. Strange jobs or settings that changed on their own mean the question is no longer the printer; it's whether something is already on the network. Disconnect it, factory-reset and re-flash firmware, rotate every credential, and scan all hosts. Determining scope is incident response, not a settings tweak.
  • Regulated environments. If the printer handles medical, legal, or financial documents, misconfiguration isn't just risk; it's a HIPAA/GDPR exposure with penalties. That needs a verified configuration, not a best guess.

Multi-printer offices, sensitive documents, or anything that looks like an active incident are exactly where our printer support service should take it; the value is a configuration that's confirmed correct, not assumed.
