December 2011
Can your printer attack your computer?
Researchers at Columbia University believe that printers may be a security risk on a network. (When you read the articles, remember that the fuser in a laser printer does not dry ink. It fuses the toner to the paper with heat and pressure. If they can be wrong about that, what else?)
The professor at Columbia who directed the research, Salvatore Stolfo, believes that embedded devices pose a major risk. The concerns run the gamut of some unknown person printing or controlling the amount of toner used and wasting it, to intercepting the printed pages and parsing information from them, to actually sending malicious code to computers on the network.
I'm guessing that the biggest risk is not that an individual network with a vulnerable printer will be discovered by a hacker, but that the servers hosting the e-print information for the printers could be hacked and the addressing and password information obtained. If I can send a job to my home printer using the e-print system provided for the printer, the information is stored somewhere and subject to being compromised. It might make more sense to focus on security for the systems where that information is kept.
As the articles point out, printers aren't the only security risk. Refrigerators that connect wirelessly to your entertainment/computer system, Blue-ray players, game consoles, etc may all be potential traitors to your system.
Can your printer attack your computer?
Researchers at Columbia University believe that printers may be a security risk on a network. (When you read the articles, remember that the fuser in a laser printer does not dry ink. It fuses the toner to the paper with heat and pressure. If they can be wrong about that, what else?)
The professor at Columbia who directed the research, Salvatore Stolfo, believes that embedded devices pose a major risk. The concerns run the gamut of some unknown person printing or controlling the amount of toner used and wasting it, to intercepting the printed pages and parsing information from them, to actually sending malicious code to computers on the network.
I'm guessing that the biggest risk is not that an individual network with a vulnerable printer will be discovered by a hacker, but that the servers hosting the e-print information for the printers could be hacked and the addressing and password information obtained. If I can send a job to my home printer using the e-print system provided for the printer, the information is stored somewhere and subject to being compromised. It might make more sense to focus on security for the systems where that information is kept.
As the articles point out, printers aren't the only security risk. Refrigerators that connect wirelessly to your entertainment/computer system, Blue-ray players, game consoles, etc may all be potential traitors to your system.
