Almost all organizations have suffered at least one data breach. That much everyone knows. What’s interesting, however, is that many organizations suffered the data breaches because of their printers. And it should not be that surprising a fact as we all see our printers as dumb peripheral devices and don’t give them any attention at all. They are always connected and always on. They are the perfect gateways for someone looking to hijack sensitive data. The proper policy is that our printers should receive the same amount of importance that any other point or tool is getting.
As if we didn’t have too much on our plates already. Now we have to take care of our 3d printers too? The answer is obviously a resounding ‘YES’.
If you are employed by a manufacturer, you will definitely deal with all types of valuable blue prints. Before the manufacturing process begins, these documents get all the security that they deserve, and they should. But once the production starts, it’s a whole different view altogether.
The researchers at SANS Internet Storm Center (ISC) found out that most 3d printers don’t have even the basic restrictions which left them wide open for any kind of exploitation. These printers typically use an open source project. This interface lets users monitor and control the printer from anywhere on the network. People can see the printing process no matter where they are and there are limited or no restrictions at all.
The files that are being uploaded to your printer could be in G-code. This is a simple and unencrypted script that is used to deliver production instructions to the printer for the process of production. If your printer is on a non-restricted network, this simple files can be easily uploaded or downloaded from the printer. Someone with access to the printer and malicious thoughts in mind can also alter these files and change the physical structure of the end product. They can also send malicious codes to the printer and wreck the printer itself.
The first thing is to never assume that the restrictions have been enabled by default. Always check the restrictions and activate them. If you have to give control of the printer online or on the network, make sure that only the people who have the appropriate level of clearance have access to the controls of the printers and the data being sent to it. This control should be constantly monitored by the administrators and they need to ensure that these controls cannot be overridden by other users. Also make sure that there are no anonymous links to the printer or the network.
Does this mean that 3d printers are the only ones under attack or insecure. Absolutely not. In a survey of 200 organizations across the United States and Europe done by Quocirca, it was found that 61% of these companies had seen data breaches through printers.
Make sure that your security policy always includes your printers. Look at the controls that you have in place and ensure that no unauthorized personnel are accessing them. Integrate a data security system that can take care of all these issues for you. Always, always, always overwrite and thoroughly wipe the drives of your printers when throwing them out or returning them to the leasing company.