Of all of the devices we have out there on our networks, is it going to be printers, cameras, and thermostats that cause our undoing?
“Wait… did you say, PRINTERS!?! Are you off your rocker, Brando?”
That was one of the key warnings that came from HP, Inc. in January of this year. I was one of a dozen individuals invited to a day long summit at HP, Inc., where their product leaders and various security experts talked to us about hidden security problems in the enterprise, provided live demonstrations, a tour of the facility, and the highlight, an evening at the HP Garage in Palo Alto.
Let’s take a moment and think back to the advancement of Voice over IP (VoIP). Today, we don’t even think about IP networks and voice calls, but the reality is, so much more of our calls leverage IP networks—both corporate and cellular. Early on in VoIP deployment, my firm was asked to do reviews of architecture and security for these devices. While the end user just saw it as a phone that could display a pretty logo, those in the middle of those deployments saw it as a computer that sat inside a phone shell. Phones before VoIP didn’t have ethernet equivalent connections, so they were not as accessible to those with hacking tools that originated from an IP address. They were more vulnerable to war dialing (oh man, doesn’t that take you back?) than messing with the TCP stack.
But once they made the move to IP, a whole host of problems popped up. Denial of Service attacks (DoS), and now Distributed Denial of Service (DDoS) attacks targeting the SIP protocol became a real problem. Configuration substitution or manipulation became a reality. Gaining access to a trusted device, depending on what all was running on the thing, could lead to lots of problems for those on the security side of the equation. It’s not a phone—it’s a computer that emulates the functionality of a phone (kind of like the device you may be reading this on right now).
Take that same concept and apply it to printers. Improperly configured, those things are just waiting to be hacked and used for all kinds of nefarious purposes.
Take the weekend to think about all those printers you have hanging around your network, how accessible they are, and the kinds of data they have access to. Now, let’s take a look at what we need to do!
Disclosure: This post is sponsored by HP, Inc.
This is a Security Bloggers Network syndicated blog post authored by Branden Williams. Read the original post at: Branden R. Williams, Business Security Specialist