Overpriced home printer ink is annoying. On its own it doesn’t pose a security risk.
We can’t say the same about the technology printer makers use to keep paying too much for their overpriced ink.
There are home office printer models
that stop working if they are not connected to the printer
maker.
Connection risk
That’s risky on two fronts.
First, it means you can’t print if you lose the connection.
There are many ways the link can fail. It could be your local wi-fi network, your internet connection or the submarine cable connecting your country to the printer maker’s servers.
All these need to work for you to print a page on your home printer.
To be fair, connections don’t fail
often. But the failure rate is not
zero.
Dependence
Another way you might lose the connection is if the printer maker’s servers stop working.
Given that the cloud giants all experience downtime, it’s possible your printer maker might be offline when you need to print something in a hurry.
The
outages may not be long, but it is ridiculous that your
ability to print at home depends on the conditions in a
remote server on another continent.
To big to fail
In a similar vein, your printing days could be over if the printer manufacturer goes out of business.
Admittedly that’s not a huge risk, but, again, it is not a zero risk.
Add all the risks together and you
realise you have to put a lot of faith in things you have
little control over just to get a page out of your
printer.
Security alert
A bigger, more worrying, risk is your security.
An internet connection going to your printer potentially punches another hole in your cyber defences.
Connecting printers to the internet isn’t new. It’s been possible to remote print on your home inkjet from anywhere in the world for years.
Modern devices can have embedded servers. They are, in effect, computers in their own right. Again, this is not new.
They
perform tasks like installing new drivers and telling
printer makers you are using third party
ink.
Vulnerable all the time
The difference now is today’s printer servers have to be on all the time. If you block the connections you can’t print.
Chances are the server on your home printer is one of the weakest links in your security chain.
These servers are rarely
protected with more than a password. Sometimes not even
that.
Patching
You may be careful when it comes to updating your computer, phone and apps. Keeping a printer patched is harder work.
Apart from anything else, it can require manual intervention. Automatic software update options are rare.
The controls can have minimal, hard to understand interfaces. There are plenty of opportunities for things to go wrong.
In the past there
have been attacks where printers are used to remotely print
messages. That’s not serious, but it illustrates the
vulnerability.
Compromised
The main problem is that a compromised printer can open the door to everything on your home network. It can be taken over and used to snoop for data or mount external attacks elsewhere. Your printer could become part of a botnet.
Until now printer-to-internet connections have been, up to a point, optional. You could almost always print out pages without needing a live internet link.
Looking at the bigger picture, adding an extra connection back to an account with the printer maker is a small additional security risk. But we live at a time when the idea is to eliminate security risks, not add fresh ones where there is no benefit.
It’s yet another reason to keep the printer turned off and to work on weaning ourselves off printing.
Footnote: Matt East points out that turning the printer off isn't a great idea. He is right, but that's where the printer makers have taken us: to a point where you have to make tradeoffs that should not be necessary.
Your home printer could be a security risk was first posted at billbennett.co.nz.