Everybody has a printer at home. Well, almost everybody. Chances are that if you have a computer at home, you have a printer as well. It just sits there on the shelf or on your desk and silently (or not so silently, depending on the model) waits for you to use it. You open an email from your significant other or a page on the internet, hit the Print button and there it is - a hard copy of whatever you need. However, in all the years you have done that, have you ever thought about the privacy and security implications of using a printer?

Yes, that is right, you read it correctly. Just by using your printer, you might disclose private information to anybody who can access your computer. You might even disclose information that can help other people compromise the security of your system.

Case in point - my HP 7150. The drivers for the printer create a log file. Nothing unusual; almost any software on the planet creates some type of log where it stores information about what happened. Anyway, log files can always be deleted. Besides, the file is on the local disk and is protected by file system security, so it is not a big problem. Furthermore, the file is in a proprietary binary format, so it cannot be read easily. So we are safe, right?

Wrong. Open the file in Notepad and the first thing you notice is that it contains the names of every single document you printed. Now, this would not be that big of a problem, were it not for a couple of bad choices the developer made:

  1. The log file is not per user; it is a single log file for the whole system. Most probably, the argument went like this: “This particular printer targets mostly home users. Most home users run Windows 98 or ME, or if they run Windows XP, they do not use separate users. If the majority of the computers that run this software are going to be ‘single-user’ systems, why bother with multiple log files?”
  2. Once the first choice was made, it is very easy to make the second bad choice - put the log file in the root folder. The argument: “It's the only folder that is predictably in place on any computer. So why bother with the complex logic of figuring out where the Windows folder or the Temporary folder is?”

On a default NTFS disk, the permissions for the root are admin - full, users - read-only. If you are logged on as a regular user (you are, aren't you?), you cannot delete the file, but you can still read it. In addition, if you have multiple users, all the documents every single one of them printed are in there. Moreover, if they print web pages, the name of the document is the web page.

One can argue that the amount of information that can be found this way is very small. However, any information can be used in some way. Here is an example - let us assume that every user on the machine has printed only one document from their documents folder and let us say that both documents are named test.html. If there are two users, the log file will contain two document names, both of them test.html. There is no way you can get any useful information from such a log file, is there? Yes, there is - the document names in the log file are given to the printer driver by the program. It just so happens that Internet Explorer gives names that contain the full path of the file, and the full path to your documents folder contains the account name. Therefore, by looking at the file, you now have a list of all the user accounts on the system. Share the printer with your peers in the dorm over the network and you could probably see their user names on their machines. If you open a web page that reads the file and sends it back to the server, somebody else can have this information.
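The leak described above, and what a logger could store instead, as an added example (not code from the printer driver or from the original post). It assumes the document names have already been pulled out of the binary log as plain strings; the sample names, the function names and the choice to reduce web pages to their site are all constructed for illustration.

```python
import ntpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: document names as a shared print log might record them.
SAMPLE_JOB_NAMES = [
    r"C:\Documents and Settings\alice\My Documents\test.html",
    "file:///C:/Documents%20and%20Settings/bob/My%20Documents/test.html",
    "http://example.com/account/statement?id=12345",
    "Untitled - Notepad",
]

# Profile roots on Windows XP and later; the next path component is the account name.
_PROFILE = re.compile(r"^[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\]+)\\", re.I)


def _local_path(name):
    """Return a Windows-style path if the job name is a local file, else None."""
    if name.lower().startswith("file:"):
        path = unquote(urlsplit(name).path).lstrip("/")
        return path.replace("/", "\\")
    if re.match(r"^[A-Za-z]:\\", name):
        return name
    return None


def accounts_exposed(job_names):
    """Audit: account names a reader of the shared log could recover."""
    found = set()
    for name in job_names:
        path = _local_path(name)
        m = _PROFILE.match(path) if path else None
        if m:
            found.add(m.group(1))
    return sorted(found)


def sanitize_job_name(name):
    """What a logger could store instead: no directories, no URL path or query."""
    path = _local_path(name)
    if path:
        return ntpath.basename(path)
    parts = urlsplit(name)
    if parts.scheme in ("http", "https"):
        return f"{parts.scheme}://{parts.netloc}/"
    return name
```

Running `accounts_exposed` over the raw names returns both account names even though both files are called test.html; over the sanitized names it returns nothing.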

 

I am sure you can think of other ways in which this could be used by malicious people, so I will stop here with the examples. Besides, I think I have already made the point of the post - next time you decide to store some information, be smart about it and think not only about what, where and how you store it, but also about who has access to it and how they can use it. And for Pete's sake - please, do not put log files in the root folder...