PALO ALTO, CALIF.—HP says it's time for individuals and businesses to consider the security risks posed by aging network printers
“Printers are a very vulnerable part of the network. All the data and protocols flow through the network,” said Enrique Lores, president of HP's imaging and printing business, during the Power of Print event here at company headquarters.
Lores said the tech giant is moving to raise customer awareness in a number of ways including the creation of a series of online short films by HP Studios that dramatize the security threat posed by printers—and other endpoints such as smartphones and PCs—across several industries including health care.
One short, "The Wolf" stars actor Christian Slater as the bad guy infiltrating a hospital who at one point stares at one of the medical facility’s printers and says, “If it had threat detection before it started printing, it would have stopped my attack.”
Lores said HP starting developing security technology years ago that it hoped would be a key differentiator for HP's products, including its printers. “We invested to make sure HP printers were the most secure in the planet and we’ve gone through a lot of legal checks to make sure we can say that,” said Lores.
“What we have done is integrate all the technology we’ve developed for PCs, servers and network equipment and integrated it to the printers for the same level of security,” he said.
But no security solution is bullet-proof, nor is it automatic. It needs to be managed. Another speaker at the event was Michael Calce, the infamous “Mafiaboy” who as a teenager launched a series of Denial-of-Service attacks that brought down such sites as CNN, Amazon and eBay. With his cyber-attacking days behind him, Calce is now a security consultant for HP and other companies.
“I look at the resources hackers have today and it’s scary stuff,” said Calce. “Anyone in this room could download an OS with 500 tools and 50,000 exploits. Hackers are operating with impunity and it’s gotten sticky with IoT to the point where a baby monitor was used in an attack.”
In a later interview with eWEEK Calce declined to say whether he could hack an HP printer, noting only that they have proven to be the most secure for the past several years. But buying a networked printer from HP or any other manufacturer with built-in security isn’t an automatic solution.
“HP software lets you check and see what’s going on, but you have to manage it,” he said.
“A printer is like any other IP-connected device, as long as there is an IP address, an individual endpoint is hackable,” Roger Kay, president of Endpoint Technology Associates, told eWEEK. “HP emphasizes printers because they make a lot of them. But it’s one more IoT element in a sea of elements that includes things like webcams, phones and PCs.”
Printers may be of particular interest to hackers because they are the most vulnerable endpoint. Calce compared the situation to a bank robber who sees the bank has the best locks on its safe and steel-reinforced walls. “So the robbers go through the floor. It’s the same with hackers, they will attack the endpoints,” Calce told the audience.
“There is one printer per every ten employees, but who manages them? Are the CISOs even aware? There are so many endpoints today that are unmonitored. Printers have evolved,” he added. “They have an embedded OS and 240 functions. Think of a printer as an endpoint and what you need to do to secure it. You can’t afford to have a blind spot like this,” Calce said.
In another presentation, HP’s chief supply chain officer, Stuart Pann detailed some of the company’s efforts to create environmentally-friendly products and services.
HP has invested in recycling centers in Haiti and recycles a million plastic water bottles a day to make printer cartridges. “Why go to Haiti? They have a lot of water bottles, but it’s also the right thing to do. We have made a huge impact with these recycling centers,” said Pann.
In its annual Sustainability Report released June 14, HP said it has a new goal to double factory participation in supply chain sustainability programs by 2025, compared to 2015 and increase both the number of suppliers that participate in its programs and the depth of their engagement. This includes a focus on vulnerable groups including women, students and foreign migrant workers.