Vending machines and printers open network threat

Vending machines and printers open network threat

Summary: As common office items such as printers, vending machines and lifts become more advanced and run embedded operating systems, they could easily create vulnerabilities that are often overlooked by administrators.The warning came from Steve Reddock, technical services manager at Internet Security Systems Australasia (ISS), who was presenting on the first day of the AusCERT 2006 conference in Queensland's Gold Coast.

SHARE:
TOPICS: Hardware
1

As common office items such as printers, vending machines and lifts become more advanced and run embedded operating systems, they could easily create vulnerabilities that are often overlooked by administrators.

The warning came from Steve Reddock, technical services manager at Internet Security Systems Australasia (ISS), who was presenting on the first day of the AusCERT 2006 conference in Queensland's Gold Coast.

"The second most common network device is the printer. Printers have moved along and have an awful lot of computing power in them but when was the last time you heard of an organisation that was trying to patch their printers? Like patching your routers, it is just not done very often," said Reddock.

According to Reddock, along with printers, vending machines, lifts and a diverse range of common office equipment can run on embedded versions of Windows and various flavours of Unix. Because these embedded systems are never patched, if they are connected to the network then they are vulnerable to virus attack.

"A US retail company found out -- the hard way -- that their vending machines were running the blaster worm," said Reddock.

Another example Reddock gave was of a company that discovered its elevator control systems were, unknown to the IT department -- surfing the Internet. "It gives a whole new meaning to the term crashing," he joked.

"These practices are incompatible with good security," he said.

The solution, according to Reddock, is putting additional protections on the network and to vigilantly monitor network traffic.

"If you clarify the network traffic properly and keep an eye on [it,] then suddenly when your vending machine starts surfing the Internet then it will stick out like a sore thumb," he added.

Munir Kotadia travelled to the Gold Coast as a guest of AusCERT.

Topic: Hardware

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Old News

    This whole idea was first presented in San Diego, CA back in 2001.

    http://members.cox.net/ltlw0lf/printers/index.html
    anonymous