Last week's BlackHat conference saw a fascinating-sounding presentation on the ways that printers can be used as an entrance to a network, since they are often insecure and unpatched. The money quote for me was, "Stop treating them as printers. Treat them as servers, as workstations."
Once a printer was under his control, O'Connor said he would be able to use it to map an organization's internal network–a situation that could help stage further attacks. The breach gave him access to any of the information printed, copied or faxed from the device. He could also change the internal job counter–which can reduce, or increase, a company's bill if the device is leased, he said.
The printer break-in also enables a number of practical jokes, such as sending print and scan jobs to arbitrary workers' desktops, O'Connor said. Also, devices could be programmed to include, for example, an image of a paper clip on every print, fax or copy, ultimately driving office staffers to take the machine apart looking for the paper clip.
(via Schneier)
Update: Dimitr sez, "I have worked a lot with HP MFP devices and they have a really good checklist of how to secure various aspects of their devices."
