Your Printer Might Not Catch Fire, but You Still Need Printer Security

Sue Marquette Poremba
Slide Show

Five Warning Signs Your Security Policy Is Lacking

Warning signs of a weak security policy from SunGard Availability Services.

Tell me the truth - could you live without your printer? I know I couldn't. I like being able to read things on paper rather than on a screen, so I tend to print out notes and email messages when I'm pulling together a story or trying to understand something complex.


I'm not the only one who has bucked the "paperless" trend. As my colleague Paul Mah wrote:

Despite efforts to shift towards a paperless office over the last decade, the humble printer continues to retain an important role in the offices of today. With larger businesses likely to purchase high-end printer models that incorporate built-in Ethernet ports or even wireless capabilities, SMBs are left with the unique challenge of sharing their USB-based printers in a convenient, yet power-efficient, manner.

In most offices, the printers we depend on are interconnected through a network. And yet, they tend to slip under the wire when it comes to the network-connected devices that need to be protected. That might be because no one thinks about the printer until they have to print out a document or fix a paper jam. (I worked in an office once where half of the staff had no idea how to turn the machine off and on, let alone find the right paper tray.) But the printer is indeed a threat to office security.

Right now, the hot printer security story (perhaps literally) is one that points out that millions of printers could be open to a devastating hack. According to, researchers from Columbia University claim they discovered a "new class of computer security flaws" that could allow printers to be controlled over the Internet by criminals. One of the flaws allegedly targets Hewlett-Packard laser-jet printers, but maybe other printer lines as well:

The flaw involves firmware that runs so-called "embedded systems" such as computer printers, which increasingly are packed with functions that make them operate more like full-fledged computers. They also are commonly connected to the Internet.

One demonstration by the researchers showed how, through a hijacked computer, a printer's fuser, which dries the ink as it prints, could be overheated. This has led to more articles than I can count with titles crying out that this hack could cause your printer to catch fire. We have no idea if that's true, and ZDNet posted HP's response to this story and how to make sure your printer is safe.

Whether or not your printer could be set on fire by a hacker in Eastern Europe, printer security is something that needs to be in the security policy. As the ZDNet piece noted, printers should be kept behind a firewall. Disable remote firmware uploads. Understand how your printer's network connectivity works. But also remember the printer's actual job: printing out documents. People have a bad habit of printing out documents, ranging from databases with sensitive customer information to personal banking statements, and then letting the documents sit on the printer for hours or even days. How often have you hit "print" and then got sidetracked by a phone call or someone stopping by your desk?

A hacked printer is probably the lesser security concern in most offices, but it is the "printer bursting into flames" story that will get all the headlines.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.