Vending machines and printers open network threat

Summary:As common office items such as printers, vending machines and lifts become more advanced and run embedded operating systems, they could easily create vulnerabilities that are often overlooked by administrators.The warning came from Steve Reddock, technical services manager at Internet Security Systems Australasia (ISS), who was presenting on the first day of the AusCERT 2006 conference in Queensland's Gold Coast.

As common office items such as printers, vending machines and lifts become more advanced and run embedded operating systems, they could easily create vulnerabilities that are often overlooked by administrators.

The warning came from Steve Reddock, technical services manager at Internet Security Systems Australasia (ISS), who was presenting on the first day of the AusCERT 2006 conference in Queensland's Gold Coast.

"The second most common network device is the printer. Printers have moved along and have an awful lot of computing power in them but when was the last time you heard of an organisation that was trying to patch their printers? Like patching your routers, it is just not done very often," said Reddock.

According to Reddock, along with printers, vending machines, lifts and a diverse range of common office equipment can run on embedded versions of Windows and various flavours of Unix. Because these embedded systems are never patched, if they are connected to the network then they are vulnerable to virus attack.

"A US retail company found out -- the hard way -- that their vending machines were running the blaster worm," said Reddock.

Another example Reddock gave was of a company that discovered its elevator control systems were, unknown to the IT department -- surfing the Internet. "It gives a whole new meaning to the term crashing," he joked.

"These practices are incompatible with good security," he said.

The solution, according to Reddock, is putting additional protections on the network and to vigilantly monitor network traffic.

"If you clarify the network traffic properly and keep an eye on [it,] then suddenly when your vending machine starts surfing the Internet then it will stick out like a sore thumb," he added.

Munir Kotadia travelled to the Gold Coast as a guest of AusCERT.

Topics: Hardware

About

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.