You spend time and money to protect your computer from hackers – but the next big threat may come from your printer.
Security is probably the last thing on your mind when you go shopping for a printer. But some experts say your printer may be putting your sensitive information at risk. According to a group of researchers at Columbia University, hackers are now remotely controlling printers and using them to enter secure networks and steal personal information.
According to the researchers, some printers – especially certain HP models — are easier to attack because they don’t go through the same testing and screening processes like computers. And since there is no printer antivirus software on the market, they are susceptible to attack.
Motives for attacks can vary from physical destruction to identity theft. A hacker can send repetitive instructions to a computer that will heat up the printer’s fuser (the mechanism that dries ink on the paper). The printer paper will then turn brown and set itself on fire. Hackers are also using malicious code to erase programming, break through secure firewalls, and steal personal information.
Researcher Ang Cui at Columbia University demonstrated how a hijacked printer sent information from a printed tax return form to a second computer that then scanned the document for pertinent social security information. Once found, the numbers were automatically published to Twitter.
Cui says his team still hasn’t found a way to tell if hackers have succeeded in infecting printers, and furthermore, are unable to pinpoint and fix the exact security issue.
“If and when HP rolls out a fix, if a printer is already compromised, the fix would be completely ineffective. That’s why this problem is so serious – this is nothing like fixing a virus on your PC,” says Cui. The only option right now, Cui says, may be tossing out your infected printer and starting completely over. Fixing this is going to require a very coordinated effort by the industry.
These printer attacks are further proof that you are responsible for your own protection. You can’t assume that any equipment rolls out of the factory protected against hackers.
What do you think about this? Do you think this is a serious threat? Leave a comment and let me know.