Web-enabled businesses (are there any other kind anymore?) are always on the lookout for security breaches, and rightfully so, as hackers are working day and night to find overlooked vulnerabilities and exploit them. But office information security managers might be forgetting one fairly large exposure to the risk of stolen information: the networked multifunction printer.
Thomas Ptacek, principal and founder at New York-based penetration testing firm Matasano Security, said the risk is more than just theoretical.
"Should my mom be worried that a hacker is living in her printer? No. But, if you're a Fortune 500 company, vulnerable printers on your network is a scary thing," Ptacek said in an interview with eWEEK.
"There are several of these printers on every floor of every business, basically working as file servers for important documents," Ptacek said. "Printers deal with much more sensitive information than your typical file or storage server, but they get no protection whatsoever. They're altogether ignored as a risk on the network. Do you know of anyone looking for patches for a printer? People underestimate how dangerous these things are."
In the financial and health sectors, for example, he said a skilled hacker with unfiltered access to a print server can do serious damage.
"He can hide himself in there with a rootkit, capture all the documents passing through the print server. He can take over the printer and basically have full control of every action. It's the perfect catbird seat," Ptacek said.
A multifunction printer is essentially a small server, and it's probably more or less unprotected. It's long past time to pay attention to your printer security. Skilled hackers might even be able to get their hands on that photocopy you made of your buttocks. Awkward.