The OG of IoT .... Network Printers
I saw the attached article and started to giggle and couldn't resist. Printers have always been a problem since we stopped connecting them with serial cables! First came leaving all your sensitive data in the copy machine itself, then there were the hard drives that amassed a treasure trove of data and what did we do when the copy machine needed to be replaced? We just threw it out, not even thinking about securely destroying the hard drive. As an asisde, since I am ranting about printers, don’t get me started about that little piece of paper stuck in one of the rollers that always caused a paper jam that no one knew how to clear! (Oh that still happens).
Then guess what we did, we gave them an IP address and put them on out network so people can now share printers. Just another endpoint that I am not sure who is ultimately responsible for updating or patching. In reflecting on my over 22 plus years in government, private industry and academia, I can’t name you one person that ever said to me that it was there job to make sure all printers were up to date, let alone see it actually done.
The article talks about how printers are neglicted and not seen as a part of “the network” in a traditional sense. But if it has an IP address it is an end point right? Despite the strain on network administrators you have to have a plan to service these devices right? Or guess what happens? A security alert will go off in the Security Operations Center, that there is a machine infected and spewing out malware and all heck will break loose. In my case, I recall sending members of my team to physical location of the IP address causing the issue, sure enough it was a multifunction printer/fax in the mail room. (Long Sigh)
If printers are an example of how we are going to update and patch IoT devices we are in BIG trouble.