Is Your Printer Stabbing You In The Back?

rated by 0 users
This post has 4 Replies | 0 Followers

Top 10 Contributor
Posts 24,877
Points 1,116,540
Joined: Sep 2007
News Posted: Thu, Feb 14 2008 7:18 AM
Web-enabled businesses (are there any other kind any more?) are always on the lookout for security breaches, and rightfully so, as hackers are working day and night to find overlooked vulnerabilities and exploit them. But office information security managers might be forgetting one fairly large exposure to the risk of stolen information:The networked multifunction printer

Thomas Ptacek, principal and founder at New York-based penetration testing firm Matasano Security, said the risk is more than just theoretical.
"Should my mom be worried that a hacker is living in her printer? No. But, if you're a Fortune 500 company, vulnerable printers on your network is a scary thing," Ptacek said in an interview with eWEEK.

"There are several of these printers on every floor of every business, basically working as file servers for important documents," Ptacek said. "Printers deal with much more sensitive information than your typical file or storage server, but they get no protection whatsoever. They're altogether ignored as a risk on the network. Do you know of anyone looking for patches for a printer? People underestimate how dangerous these things are."

In the financial and health sectors, for example, he said a skilled hacker with unfiltered access to a print server can do serious damage.

"He can hide himself in there with a rootkit, capture all the documents passing through the print server. He can take over the printer and basically have full control of every action. It's the perfect catbird seat," Ptacek said.

A multi-function printer is essentially a small server, and it's probably more or less unprotected. It's long past time to pay attention to your printer security. Skilled hackers might even be able to get their hands on that photocopy you made of your buttocks. Awkward.
  • | Post Points: 20
Top 50 Contributor
Posts 2,747
Points 42,815
Joined: Sep 2006
Location: United States, California

Where there's an ill-will... there's a way!

  • | Post Points: 20
Top 150 Contributor
Posts 795
Points 13,650
Joined: Feb 2008
Location: Reseda
Kamrooz replied on Thu, Feb 28 2008 8:58 PM

 I'm no programmer, but I never would of thought you'd be able to pool information from a printer...Makes sense though, but 

2x Core 2 Quad QX9775 2Gb DDR2-667 Kingston FBDimm 150GB Western Digital Raptor 2x 500 Gb Seagate 7200.10 2x 8800 GT SLI Intel D5400XS (Skulltrail) Gigabyte 3D Aurora 570 Ultra X3 1KW psu 2X Liteon DL DVD-RW Rig courtesy of HotHardware! =D
  • | Post Points: 20
Top 10 Contributor
Posts 6,371
Points 80,285
Joined: Nov 2004
Location: United States, Arizona

 PC load letter WTF is that?? -AHAHAH

"Never trust a computer you can't throw out a window."




G.Skill Ripjaws X 16gb PC2133

Antec P280

Corsair H100

Asus Blu-ray burner

Seasonic X650 PSU

Patriot Pyro 128gb SSD

  • | Post Points: 20
Top 50 Contributor
Posts 2,617
Points 32,625
Joined: Oct 2005
Location: Minnesota, United States

Just think of how weird it'd be to be in the market for a new printer for your business and come across an ad saying -- "Faxes, copies, prints....and now comes bundled with Trend Micro Printer'net security!"

  • | Post Points: 5
Page 1 of 1 (5 items) | RSS