Printers Are Part of the IoT Vulnerability

And the number of IoT devices is estimated to reach anywhere between 20 and 50 billion by 2020

Businesses are putting in a lot of time and effort to exploit the Internet of Things (IoT) and worrying about how they’re going to protect it. But many enterprises overlook IoT devices that are already running in their environment—the networked printer, for example—and are leaving gaping security holes wide open.

Traditional cybersecurity envisioned a defensive perimeter that kept anything bad outside of the corporate network. Today, few hackers consider firewalls, antivirus software, or intrusion detection systems to be tricky to overcome, according to a CIO report.

With the growth in distributed organizations and, in particular, the pervasive use of the internet, there essentially is no longer a perimeter that can be defended. “With perimeter security technologies considered largely irrelevant, hackers are now focused on gaining access to privileged accounts and email passwords by exploiting human vulnerabilities,” CIO observes.

The scope of the challenge is enormous. The AV Test Institute reports that in 2016 its testing systems “recorded an average of 350,000 new malware programs per day, i.e., roughly four new malware samples per second.”

Today, security strategies are homing in on protecting “endpoints” that have access to the network, often from outside the firewall. Market research firm IDC projects that companies worldwide will spend $10.2 billion on endpoint security software in 2017.

Despite this appreciation of endpoint threats, many organizations are overlooking everyday devices that are vulnerable. “Printers are part of the Internet of Things and, like other IoT devices, employ powerful processors and run increasingly advanced operating systems,” says HotHardware. “This makes them useful, it also makes them highly vulnerable, powerful attack vectors.”

The cyber-attack surface area is increasing as IoT endpoints proliferate, warns market research firm Quocirca: “The number of IoT devices—think vending machines, thermostats, video cameras, and networked printers—is estimated to reach anywhere between 20 and 50 billion by 2020. These devices are smart and connected, but they are also vulnerable. IoT devices can be remotely managed, and are able to generate, store, and retrieve a wealth of data as well as initiate service or maintenance requests. For hackers and malware looking for a way into a corporate network, unsecured IoT deployments provide the perfect entry point.”

HP illustrates several potential dangers in a fictionalized video series, The Wolf, starring Christian Slater as a hacker. The Wolf uses a mobile device to access a printer and inject malware to intercept and read data. He then uses a “phishing” email to trick a user into sending malicious code hidden within the print file to a printer. The malware on the printer breaches the firewall and spreads to the company’s PCs. The code resides at the BIOS level, so it can continually supply data and even reinstate itself after network defenses deploy. Finally, The Wolf discovers a confidential document in the output tray of an MFP. The public leak of sensitive data causes the company to suffer considerable financial and brand damage.

While the video is fiction, the threat is not. It’s estimated that the average cost of a cyber breach in 2017 is almost $4 million. To learn more about the potential threats unsecured printers may pose, and how to prevent them, go to HP Print Security.


Copyright © 2017 IDG Communications, Inc.