As common office items such as printers, vending machines and lifts become more advanced and run embedded operating systems, they could easily create vulnerabilities that are often overlooked by administrators.
The warning came from Steve Reddock, technical services manager at Internet Security Systems Australasia (ISS), who was presenting on the first day of the AusCERT 2006 conference in Queensland's Gold Coast.
"The second most common network device is the printer. Printers have moved along and have an awful lot of computing power in them but when was the last time you heard of an organisation that was trying to patch their printers? Like patching your routers, it is just not done very often," said Reddock.
According to Reddock, along with printers, vending machines, lifts and a diverse range of common office equipment can run on embedded versions of Windows and various flavours of Unix. Because these embedded systems are never patched, if they are connected to the network then they are vulnerable to virus attack.
"A US retail company found out -- the hard way -- that their vending machines were running the blaster worm," said Reddock.
Another example Reddock gave was of a company that discovered its elevator control systems were, unknown to the IT department -- surfing the Internet. "It gives a whole new meaning to the term crashing," he joked.
"These practices are incompatible with good security," he said.
The solution, according to Reddock, is putting additional protections on the network and to vigilantly monitor network traffic.
"If you clarify the network traffic properly and keep an eye on [it,] then suddenly when your vending machine starts surfing the Internet then it will stick out like a sore thumb," he added.
Munir Kotadia travelled to the Gold Coast as a guest of AusCERT.
This whole idea was first presented in San Diego, CA back in 2001.
http://members.cox.net/ltlw0lf/printers/index.html