Hackable Multifunction Printers a Weak Link in IT Security

Brendan O'Connor, a security expert at an unnamed U.S. financial company, warned at the Black Hat Security Conference this week that multifunction printers (MFPs), used at many corporations, are easily hackable and pose a security threat to many corporate networks. Note that I'm not talking about the printers we use at home, but ones that are the size of the cart you might place your microwave on (or larger).

Well, yeah. I knew about this long ago when I worked at a company that designed and built MFPs for many OEMs. Most of our printers used Windows (either NT or embedded XP) or Linux. All of these OSes are subject to viruses. If you had one of these OSes, particularly the Windows ones, on your desktop, you would most certainly put an anti-virus program on it. Did we? No, of course not.

Why not? Initial cost. Plus eventually the subscription would run out ANYWAY and the IT manager would have to update the subscription.

In addition to that, if you were running one of these OSes on your desktop, you would also keep updating it with the security patches issued for the OS. But of course, these printers usually just sit there on the network ... we had many outbreaks where the MFPs on our network (which were our design, BTW) would had viruses while the workstations were clean. In some cases there was so much traffic from the MFPs sending email spam, that IT had to shut down the email servers.

So, if your corporation is looking into a MFP, make sure you ask what they do to ensure security. Most likely, no matter what they do, you will need to keep your eye on the device for updates that you might see to that OS in general, and harass the company for an update when you see a critical patch.

Tags: Security, Virus, Technology, Trojan, Printer, Windows, Linux, Software