Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Mining printers for valuable information is likely to be used real attackers, says Steve Stasiukonis, managing partner with consultancy Secure Network Technologies (SNT), which also conduct penetration tests against firms. “We never leave any printer unturned,” he says. “There is enormous amount of wealth resident on those devices. There is data that sits inside the machine that is useful to us.”

Security issues with one brand of printer allowed Ben Smith, another independent researcher, to use the storage space on the devices to create a distributed cloud for storing files. Smith, who asked that the company who makes the printers concerned not be named, will present a program dubbed Print File System, or PrintFS, that automatically finds vulnerable printers via the Internet or in an internal network and turns them into a distributed storage network. The storage space could be used by hackers as a store for malicious programs or other material. Smith found that scanning the Internet for the communication ports used by printers turned up more than enough devices to create a large storage network.

“PrintFS scans all the devices and determines whether a given printer is capable of supporting storing data,” he says. “Depending on the devices, most of the time, you can find 20 to 30 unsecured devices [on a local network] and you can get a gig of storage to 30 gigs of storage.”

Heiland says that “even the printers you have at your house, these multifunction printers, have an ability to do a lot over the Web. They don’t integrate as much, but they can do remote printing and remote scanning.”

Both manufacturers and users should take a hard look at any network device, says SNT’s Stasiukonis. “If it carries an IP address on your network and it carries an interface on your network, then it should be looked at from a security standpoint,” he says.

0 comments about this story. Start the discussion »

Credit: Technology Review

Tagged: Computing, security, cyber attacks, hack, cybercriminals, computer networks

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me