Your printer typically has pretty limited functionality, or at least one would think, right? It prints, maybe it can print on both sides of the paper, sometimes it can scan documents, and it can allow hackers the ability to steal your data and commandeer your network. Wait, say what?
That’s right, according to a recent lawsuit against Hewlett-Packard, consumers have been purchasing LaserJet printers that have a security flaw that could let malicious users into your network. The lawsuit claims that HP knew about the flaw but sold the printers anyway. The big question is whether or not this is happening elsewhere – what if other or even all printer manufacturers aren’t applying the proper security measures for consumer-based printers?
The security issue was demonstrated by researchers at Colombia University’s School of Engineering and Applied Science a few weeks ago, where they printed a tax return on a hijacked printer which sent the entire document to another computer that tweeted the social security number to Twitter. In another demonstration a rogue update was installed to the printer causing the fuser to overheat and burn the paper. HP is working on a firmware update to patch the security flaw.
The lawsuit claims that tens of millions of printers are vulnerable. Flaws like this can emerge on any hardware or software on a network, so as grim as this sounds, anything you add to the network could contribute to security issues. That isn’t to say businesses shouldn’t expand and try new things, but all hardware and software needs to be managed. These days, devices of all kinds have driver and firmware updates; printers, routers, firewalls, and other network devices all need to be managed and kept up to date. Security needs to be in place for the entire network. Businesses should consider Universal Threat Management devices that protect the network as a whole from outside threats. Antivirus and security updates need to be kept up to date on each and every workstation and server. Hardware and software can be flawed, but you can ensure your business adds a thick layer of protection so less is exposed.
If your company isn’t handling all of the mentioned security practices, it’s time to let Michell Consulting Group handle it for you. For an affordable flat rate, we can cover every device on your network. Give us a call at 305-592-5433 for a completely FREE network audit to discover flaws in your IT infrastructure.