Are There Opportunities in Researchers' Claims That Printers Are Security Risks?
Last week, news broke that Columbia University researchers found a security vulnerability in certain HP LaserJet printers.
The story, reported by msnbc.com, seemed a bit sensationalized, what with its claims that millions of printers could burst into flames, but if the researchers’ findings are correct, the security flaw is definitely a serious issue.
HP addressed this in a statement it released saying, “Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. ... Speculation regarding potential for devices to catch fire due to a firmware change is false.”
However, HP did say that they have identified a “potential security vulnerability” with some HP LaserJet devices if placed on a public Internet without a firewall. The company also said that it is “building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted.”
Regardless of whether this story was sensationalized or not, security flaws are dangerous for anyone -- individual, small business or enterprise users.
In a demonstration of the vulnerability, the Columbia researchers printed a tax return to one of the devices, which in turn then sent the document to a different computer (which would be the hackers). The document was then scanned for critical information and once found, automatically published it to Twitter.
Social security numbers, Tax ID numbers, sensitive business docs -- anything that may be printed at home or at a business could get into the wrong hands.
Although researchers have only found vulnerabilities in HP devices so far, they are continuing their testing on other manufacturers’ devices as well as gadgets and appliances.
“Printers are just the tip of the iceberg when it comes to vulnerable embedded devices,” warned Salvatore Stolfo, who directed the research at Columbia. DVD players, telephone conference tools and home appliances now all connect to the Internet and have no security at all. “Supposedly secure offices -- even in sensitive government agencies -- have networked teleconferencing devices, printers, even thermostats that create security risks,” the article pointed out.
As more and more devices have network capabilities, security becomes an ever-increasing issue. We are all aware that printers are no longer just printers. They store important -- perhaps sensitive -- information. They can be used as a gateway to the network and if unsecured, they can be damaging. End users may not be aware of the potential hazards an unsecured printer could cause, but here is the opportunity for managed print providers to step in, secure the network and secure the customer.
Posted by Katherine Fernelius on 12/05/2011