Experts say there are serious security risks associated with such practicesAdam Howard, a software engineer from the UK, has found that over 85,000 HP printers are publicly accessible on the Internet. The number has been determined via a “well crafted” Google search.
“There's something interesting about being able to print to a random location around the world, with no idea of the consequence. Lock down your printer,” Howard noted.
“There are security concerns here, as many printer models have known exploits which can be used as an entry point to a private network,” he added.
Experts from Sophos agree that there are some serious security risks.
“There's a security risk implicit in letting untrusted outsiders connect to internal devices. Printers these days have their own OS, network stack and often rather powerful firmware. A lot could go wrong,” explained Paul Ducklin, Sophos's head of technology, Asia Pacific.
Ducklin also notes that this is “resource mismanagement.” Organizations could waste a lot of money if someone started printing documents on their devices.
In addition, a computer virus, such as the 2002 Bugbear that copied itself on all the devices it could find on a network, could easily print out thousands of pages of random characters, consuming paper and toner.
“Coming in on Monday morning to an empty paper feeder and 2000 pages of wingding-a-ling drivel in the output tray focused the mind of many a company beancounter!” the expert noted.
There are a couple of noteworthy things here. First of all, these are only HP printers, so it’s likely that hundreds of thousands of devices are actually publicly visible on the Web.
Secondly, when Howard performed the Google search, there were 86,800 printers. However, now there are 87,300, which means that the number is constantly increasing.