Your Printer: It’s Not Dumb. It’s A Potential Security Hole

Stop reading this and have a look at your printer. Go ahead – have a look. When you look at that piece of plastic, you probably think it’s one of the dumbest pieces of technology in your office.

You basically hit print and paper comes out.
But what you might not realize is that your printer – especially a network printer – is filled with all sorts of complex software and is effectively a mini-computer with a hard disk. What does this mean?
It means the printer can serve as a host for a VERY nasty virus and infect the rest of your network.
Computer World writes: The Blaster worm hit McCormick and Co. hard and fast. It entered the famous spice company through a service provider connection and ripped across plants and offices in a matter of hours. What was most vexing, however, was that the virus kept coming back on disinfected network segments.
Upon further investigation, it turned out that Blaster, as well as some instances of the Sasser worm, were trying to repropagate from infected network printers.

The best protection is to patch, patch, patch, and to work with your printer vendor to ensure your printer is secure.
The article continues: Last year, Symantec [a sponsor of Small Business Summit 2007] logged 12 new security vulnerabilities for five network printer brands: Brother, Canon, Epson, Fujitsu, Hewlett-Packard, Lexmark and Xerox.
I know there’s so much you have to do to ensure your business is digitally secure, but that’s the cost of doing business, so do it.

One thought on “Your Printer: It’s Not Dumb. It’s A Potential Security Hole”

  1. Larry Kovnat

    I’m the product security manager for Xerox’s Office Group. I’ve been spearheading the effort within the organization to improve the security of our office devices for almost 5 years now. IT is just beginning to wake up to the need to manage printers and other networked office equipment with the same due diligence applied to desktops and servers. From the network point of view these devices are just another computer node, and need to be managed accordingly. We’ve been trying to get that message out ever since we started making digital MFD’s. Any software person will agree that software is never perfect, and that it must be continually maintained and updated. Go to any one of the security databases, search on Xerox, and you’ll see that almost every one of those was originally reported by us. We keep testing and looking for problems, and when we find something, we let our customers know so that they can go and get the patch. We’re not perfect by any means, and we have some improvements to make in our patch management process, but we keep working on it. I know there are a lot of researchers out there who would like to have more visibility into the internals of our systems so that they can secure the system themselves, which is certainly a noble goal. We try to balance the need for disclosure with the equally important goal of preventing any zero-day attacks. If we can find and patch the holes ourselves (or better yet design them out in the first place – developers, listen up!) then we’ll all be better off.

    Larry Kovnat
    Product Security Manager
