This is a short post about printer security. This is an addition to our series about paper wallets that you can find here.
There are some known issues with printer security. Some printers keep copies of printouts in their internal storage. Even after they have finished printing. They also keep a record of printed documents in a spool file on your computer. A virus or hacker can search for these files. If they find the wallet printout file they can use the private key to steal your money.
There are a few measures you can take to make it tougher for hackers.
Six Printer Security Tips
1. Get a second printer that never goes online and is never plugged into a computer when that is online. A printer can be the weak link in security and is often overlooked.
Printers are cheap these days, even laser printers. Having one that is only used offline is not too extravagant.
2. Get a basic printer without all the bells and whistles and never connect it to WiFi.
3. Make sure the security patches from the manufacturer are up to date.
4. Disable the printer’s internal memory.
5. Setup the printer to erase print data as soon as the job finishes.
6. If you get rid of a printer make sure you wipe the drives if it has any.
Here are some system specific precautions to boost your printer security.
1. The spool data saves on the C drive. Hackers know this and it’s the first place they might look. Change the output folder to a removable drive.
i. Make a dedicated spool folder on a removable drive.
ii. Open Devices and Printers from your control panel.
iii. Click on your printer and then Print Server Properties.
iv. Click Change Advanced settings.
v. Add the new folder destination. I changed mine to D:\Printer Spools in the example.
Check that the folder is empty after every time you print a wallet.
2. Use BitLocker to encrypt your drives.
Encrypt your drives and make your data unreadable unless you have the encryption key. Even if you don’t use paper wallets this is a good idea. When you delete something, even though you can’t see it, it is still on the physical drive. Encrypting stops anyone finding your deleted wallet print files.
Mauro Huculak has an excellent ‘How-To’ article on setting up BitLocker here.
I don’t have a Mac so I can’t show you my own step-by-step instructions but Apple has their own.
1. Use FileVault to encrypt your drives.
Here is a tutorial how to do that on the Apple support site.
2. Like the PC example. Link the /private/var/spool/cups/cache/ to a removable drive like an SD card.
Use a live-boot USB drive in place of your operating system. Once you finish printing your wallets reboot your computer. This will clear your cache and nothing gets written to disk.
This will work on a Mac or PC.
You will need to format the USB drive so it is bootable. The Ubuntu website has instructions for creating a bootable drive. It also shows you how to set-up the operating system.
Click here for PC.
Click here for Mac.
If you get stuck on PC there is some help here.
There is a ready-made bootdisk for Mac and PC you can buy here.
These basic precautions should beef-up your printer security. Printing your paper wallets will be much safer.
*Full disclosure. I am not a printer security expert. I make no claims that any of these tips will make your printer more secure. Please consult your computer security expert to safeguard your printer.