January 10, 2012

Ghost In The Machine

We’ve already chronicled on these pages how the proliferation of printers is a bad idea for accounting firms from both the standpoints of effective management and cost. To these we can now add a third problem — the ability of hackers to use printers to successfully invade your network. It is especially a problem for... Read more »

Dave McClure

We’ve already chronicled on these pages how the proliferation of printers is a bad idea for accounting firms from both the standpoints of effective management and cost. To these we can now add a third problem — the ability of hackers to use printers to successfully invade your network.

It is especially a problem for those CPA firms that hang on to hardware for year after year. Or, in this case, more than a couple of years.

Researchers at Columbia University have found that printers connected to the Internet could be used to steal data, access secure networks and even cause a fire through deliberate overheating. And if you think your printer is not connected to the Internet, check the “Remote Firmware Update” feature that allows the printer to check for updates without human intervention. It can be used to plant customized firmware in the printer’s instruction set.

The scary part of all of this is that it neither theoretical or unknown. It was first demonstrated in 2006 and has been acknowledged by printer manufacturers that include Hewlett Packard. And because the threat resides in the printer, networks based on the Mac and Unix operating systems are not immune. Finally, removing a virus or Trojan once it is inserted into the printer’s instruction set would be difficult to impossible.

So do you need to shut off the printer? Not yet. For now, it is possible to establish a first line of defense by making sure your printers were manufactured after 2009. That was the year that manufacturers began to include digital signature instructions in their code sets. Also, it should help if you simply turn off the ability of the printer to access the Internet (or sites on the Internet) directly for updates. Neither of these are a fix, but they should hold you until the printer vendors can release patches to fix the problem.

Connectivity is a zero-sum game. For every benefit we derive from the Internet, there is some potential threat that offsets. As it has been for virtually every new technology since the dawn of man.

Thanks for reading CPA Practice Advisor!

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more…

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more...

Leave a Reply

mcclure_10268610

Dave McClure

Contributing Writer/Columnist

Dave McClure is a U.S. Air Force veteran who flew a B-52 bomber during the Cold War, then became an Air Force Information Officer to hone his skills as a writer, editor and communications manager. He has since been a consultant in business and technology for more than three decades, with degrees in applied science and Organizational Development, with an MBA in Executive Management. He has consulted with companies ranging from Microsoft to General Electric, and has held positions as an accounting software marketing director, media editor, network engineer and professional beta tester for computer hardware and software . His career includes eight years with the NASA Space Shuttle program for BFGoodrich, more than 20 years writing for business and accounting publications, and his tenure as founder and president of the US Internet Industry Association. He is a global expert on IT, Internet and management issues, and currently serves as the co-chair of the International Internet Industry Alliance.