RSS

Discover news, guides, and products for your business

Follow us on:
Security Alert
Security Alert
Practical security advice » More Security Alert » RSS » All Blogs
  • Recommend:
  • 0 Comments
  • Print
Security

Cloud Printers Rain On Security Parade

By Alex Wawro, PCWorld

The modern office printer is a machine of many talents. It can print, copy, and scan your most important documents in a flash. Connect it to the Internet, and it can do all those things and more from any device, anywhere, thanks to the advent of printer apps and nascent cloud computing services like Google Cloud Print or HP’s ePrint. But that same connectivity has made these devices a prime target for hackers seeking easy access to your office.

Cloud printing is here, it works (usually) and it's safe if you follow some simple precautions.

Robert Lemos over at the MIT Technology Review recently spoke to security consultant Deral Heiland about the security risks posed by modern printers. In the course of network penetration testing, Heiland developed “Praeda”, a simple program that seeks out network vulnerabilities exposed by unsecure printers running Web servers with default passwords--or worse, no password protection at all.

This weekend Heiland will demo Praeda and present a few of the most common printer security exploits at the seventh annual ShmooCon, a hacker convention in Washington, D.C. that promotes open discussion of information security.

After testing multiple Web-connected printers this year, we’re expecting these cloud computing devices to be a serious security issue, and we’re not alone; zScaler Labs’ V.P. of Security Research Michael Sutton published a lengthy blog post last year that exposed the simplicity with which a hacker could purloin copies of potentially dangerous documents left on the scanner of unsecured HP all-in-one printers.

Once again, the exploit involves ferreting out unsecured Web-connected printers with simple Google search strings like “Estimated Ink Levels” and “HP PhotoSmart” and taking advantage of poor password security to remotely subvert a printer and scan documents using HP’s WebScan feature.

Ultimately, the real problem exists between the chair and the keyboard: It’s perfectly safe to launch your printers into the cloud, just make sure to take the same security precautions with a Web-connected printer as you would with any other remotely-accessible repository of personal data. Disable remote access features unless absolutely necessary, change your password on a regular basis and never leave sensitive data (business or personal) in memory or on the scanner tray.

Was this article useful? Yes 0 No 0

Read more like this: , , ,

Comments

  • Become an Android authority

    Play music or games, run productivity apps and essential utilities.

    Get the Superguide now!

Business News Daily

Get the latest technology news that's important to you and your business, fresh seven days a week.

Featured Webcasts
More webcasts »

Free Whitepapers

Software and Services Whitepapers from PCWorld

More whitepapers »

Whitepaper Alerts

Get updates on white papers, case studies, and spotlights on tech products and solutions for your business.