I know printers are a security hole. I am trying to get the best setup to minimize risk.
Here’s the risk that I am trying to mitigate : that an attacker remotely access the printer, and use it as a launchpad to infect other computers.
So I decided to do this:
do not setup access to wifi to the printer. Since I assume settings could be changed, I will not simply disable wifi, I will purchase a printer that does not have wifi capacity
among all the printers that work for my need, they all have ethernet capability. I am planning not to plug the ethernet capable, so I should be fine
However, all the printers I saw still had mobile printing capabilities (like airprint). This is most unfortunate, because even though they claim to NOT be wireless, they clearly are (airprint for example requires the printer to generate a local wireless network).
So I am trying to decide whether that’s a security risk I can completely mitigate : if I purchase a printer with mobile printing capabilities, and I assume an attacker somehow revert my settings to disable this capability, what is the worse that can happen ? Via mobile printing, could they update the firmware of the printer ? Could they use it as a launchpad to infect other computers ? Or does mobile printing protocols strictly only allow sending a document for printing, and it cannot be misused?