From 2006 to 2016, the average organizational cost of business security breaches in the United States amounted to 7.01 million U.S. dollars. As depicted in Figure 1, below, the likelihood of enterprises experiencing a breach has increased over the past three years.
Part of the problem, according to a 2015 Ponemon Institute study and relayed by SC Media[BD1] , 56% of enterprises ignore printers in their endpoint security strategies, despite 64% of IT managers believing their printers are likely already infected with malware. Another recent survey conducted by Spiceworks reveals that only 18 percent of IT professionalsdon’t consider printers to be a medium or high risk for malware or breaches. In reality, printers are a tempting gateway for threats such as Funtenna.
Funtenna was developed by Ang Cui of Red Balloon Security calling on the roots of radio-based espionage employed in the Cold War. The exploit was introduced at the Black Hat Conference in 2015. It only takes seven lines of code to transform a laser printer into a backchannel radio device that transmits data without using the company’s Wi-Fi or Bluetooth infrastructure. Using the UART output with a 10-foot cable enabled the hacker to transmit data in a virtually undetectable fashion from inside a building with concrete walls to a receiver on the outside.
Cui noted at the conference that the same kind of exploit could be launched from Internet of Things (IoT) devices, from your HVAC to your automated lights to your internet-connected fridge.
Simply put, the range and scope of Funtenna make it functionally impossible to track on a proactive basis. So how can you protect yourself? Cui makes it clear that the only real defense against Funtenna is for every single internet-connected device to carry on-board security. When you evaluate IoT devices for your business and your home, make sure to ask about or research embedded security.
When it comes to business printers, HP printers have you covered. HP LaserJet and PageWide Enterprise Printers have impressive built-in security to combat an array of exploits, making them the world’s most secure business printers¹.
These features deliver the industry’s deepest printer security1 and the best way to protect your data from malicious exploits like Funtenna. This is not a problem that’s going away, either. More recently, a hacker exploited a vulnerability that found many printers exposed to the internet through port 9100. He then used that exposure to print anti-Semitic fliers to workplaces and homes across North America using a simple Bash script.
Printers are endpoints that need to be secured. Learn more about how you can combat data threats by reading this e-book, your guide to successfully protecting your printer fleet.
¹Based on HP review of 2015 published embedded security features of competitive in-class printers. Only HP offers a combination of security features for integrity checking down to the BIOS with self-healing capabilities. A FutureSmart service pack update may be required to activate security features on the HP LaserJet M527, M506, M577. Some features will be made available as a HP FutureSmart service pack update on select existing enterprise printer models. For a list of compatible products see hp.com/go/LJcompatibility. For more information visit: www.hp.com/go/LJsecurityclaims