Tuesday, November 29, 2011

Web-enabled printers a major security threat, researchers say

Although printers might seem like dumb boxes sitting on the desk, a new study from Columbia University researchers has found that they can actually be used for sophisticated hack attacks.

Speaking to MSNBC's Red Tape recently, the researchers said that printers that can connect to the Internet are at risk of being used to steal personal data and access supposedly secure networks, and can even be pushed to overheat and cause a fire.
The researchers, who used HP's networked LaserJet printers in their study, told MSNBC that because of the devices' "Remote Firmware Update" feature, which checks for software updates whenever a new printing job starts, hackers can access a printer and install a firmware version that they control. They can gain access to the devices because the printers in the study lack digital signature technology and won't verify an update's source before it's installed.
The stakes are high. According to the researchers, there is no easy way to detect the breach, and since security software doesn't analyze printers, hackers can do what they want after installing the new firmware. Even worse, removing the malicious firmware is nearly impossible.
As worrisome as that might be, printer security woes have been around for years.
In 2006 at the Black Hat security conference, security expert Brendan O'Connor demonstrated how easy it is for hackers to gain access to a printer and cause trouble in the office. O'Connor showed how hackers, within minutes, can perform all kinds of tasks, including mapping an organization's network and accessing previously printed documents.
"Stop treating them as printers," O'Connor warned IT managers during his presentation. "Treat them as servers, as workstations."
That said, O'Connor's findings came at a time when networked printers were mostly found in the enterprise. Now, they're everywhere. And the Columbia researchers say that due to the sheer number of networked printers in the wild, the flaw they discovered could affect millions of people around the globe.
But before you jump to turn off your printer, the flaw the researchers found is only an issue in older printer models. Since 2009, printers have included digital signature technology, which addresses the flaw. But that doesn't make the researchers feel any safer. As they pointed out to MSNBC, the number of printers suffering from the flaw "could be much more than 100 million."
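
The difference between an update path that installs whatever it receives and one that checks a vendor signature first, as an added example (not code from the researchers, HP or the article). The function names, the sample images, the toy key and the choice of RSA PKCS#1 v1.5 with SHA-256 are assumptions; the article does not say which signature scheme the newer printers use.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes so the example runs
# offline with only the standard library. Never use such a key in practice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key, baked into the device
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the vendor
K = (N.bit_length() + 7) // 8        # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 (RSASSA-PKCS1-v1_5, RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed sample images; real firmware would be a binary blob.
GENUINE = b"constructed firmware image, build 1"
MODIFIED = GENUINE + b" plus attacker changes"


def _encode(image: bytes) -> int:
    """Build the padded SHA-256 digest block that gets signed."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def vendor_sign(image: bytes) -> int:
    """Vendor side: sign the image with the private key."""
    return pow(_encode(image), D, N)


def install_unverified(image: bytes) -> bool:
    """Update path as the article describes it: any image is accepted."""
    return True


def install_verified(image: bytes, signature: int) -> bool:
    """Accept the image only if the signature matches it under the vendor key."""
    if not 0 < signature < N:
        return False
    # Compare against the full expected encoding instead of parsing the
    # padding, which avoids lenient-parser signature forgeries.
    return pow(signature, E, N) == _encode(image)


if __name__ == "__main__":
    sig = vendor_sign(GENUINE)
    print("unverified path, modified image:", install_unverified(MODIFIED))
    print("verified path, genuine image:   ", install_verified(GENUINE, sig))
    print("verified path, modified image:  ", install_verified(MODIFIED, sig))
```
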
