Did you know there’s a tool that can search the internet for open ports, or points of access to networks around the world? This information security tool, called Shodan, was historically used to reveal vulnerable computers, networks, and even industrial infrastructure, but today, most users and software suites are advanced enough to protect these obvious points of cyber-weakness. Searching Shodan on the open internet today reveals fewer unprotected computers than you’d find 10 years ago—but it also shows a shocking number of printers, scanners, and other networked devices just waiting to be compromised.
These types of document-focused devices present a uniquely vexing problem for security researchers, since they’re more than just potential inroads for hackers to reach your sensitive file folders or banking and social media accounts. Networking code is specifically designed to stop machine-hopping, and while it certainly occurs, printers and scanners provide a more direct path for attackers. A compromised printer doesn’t need to expose the whole network to malware to cripple your security—it just has to reveal every document it sees, one by one.
Issue: The danger lies within
When enough time goes by, this view into the daily output of printed and scanned documents can provide ammunition for further security breaches. Since workers often use office devices to scan or print personal documents, and office paperwork often contains personal information about employees, this creates the perfect opportunity for spear-phishing attacks against individual employees, according to Norton. These workers can then ferry malware back into the same business network that infected them in the first place, but this time, the attack may affect an even more sensitive workstation or server.
The problem comes down to the mechanics of how each of these devices processes its job, whether scanning a physical paper into digital form or printing a digital file onto paper. In both cases, the device has to, at some point, hold a complete digital version of the document in its own memory. This means only one device needs to be compromised to potentially make all those documents known. Many modern printers and scanners are essentially simple computers, with storage, memory, and an operating system, yet they haven’t received the same amount of security attention as actual personal computers.
What’s worse, says PCWorld, there are long-standing concerns about how much and how well these devices delete information once you’re done with them. There are few things more frustrating to information security experts than having a document or password lifted from the storage of a recently scrapped office printer while it’s sitting in a recycling centre. This creates a real problem for businesses and personal users—one that affects everything from personal privacy to industrial espionage.
Solution: Turn to integration
Thankfully, there are solutions specifically tailored to deal with the challenges posed by document-focused devices. First and foremost, network administrators should consult the U.S. National Institute of Standards and Technology’s checklist of standard printer security measures. Many of the recommendations are labour-intensive, and many require users to refrain from certain types of behaviour. One major initiative recommends administrators maintain a separate virtual local area network connection just for networked devices, like printers—effective, but hardly user-friendly.
Advanced product lines are emerging to provide enterprise and personal customers all the information security available without sacrificing networking or functionality. Secure printing solutions bring the much-needed addition of fully integrated encryption, which automatically secures transmitted data and local storage. This is crucial to ensure devices aren’t just part of a secure network, but that they represent a security hard point savvy attackers will avoid. Now, you can have all the advanced remote features without opening up major security holes.
It’s hard to overstate the level of diligence necessary for enterprise network customers. Some devices specifically provide advanced protection to a printer’s BIOS, the lowest level of programming it contains. They can segregate and secure every run-time decision and injection into memory. Deletions are—and must be—serious affairs; modern security measures always include a method of hard-deleting files by overwriting them with noise multiple times. It’s the type of security that used to require a major investment of time and money, but now, it’s available in a variety of convenient and reliable packages. It’s just a matter of finding and selecting the solution right for you and your business.
There’s little point in focusing on securing your workstations and server infrastructure if you’re just going to network those computers to printers and scanners sporting subpar security. If you’re worried about a possible security breach, those are the devices to shore up first—and with the right series of programs and services, securing them doesn’t mean you need to sacrifice the feature set. For perhaps the first time, a fully networked office can present more opportunities than it does liabilities.