this post was submitted on 05 Mar 2025
218 points (100.0% liked)
Hardware
1154 readers
298 users here now
All things related to technology hardware, with a focus on computing hardware.
Rules (Click to Expand):
-
Follow the Lemmy.world Rules - https://mastodon.world/about
-
Be kind. No bullying, harassment, racism, sexism etc. against other users.
-
No Spam, illegal content, or NSFW content.
-
Please stay on topic, adjacent topics (e.g. software) are fine if they are strongly relevant to technology hardware. Another example would be business news for hardware-focused companies.
-
Please try and post original sources when possible (as opposed to summaries).
-
If posting an archived version of the article, please include a URL link to the original article in the body of the post.
Some other hardware communities across Lemmy:
- Augmented Reality - !augmented_reality@lemmy.world
- Gaming Laptops - !gaminglaptops@lemmy.world
- Laptops - !laptops@lemmy.world
- Linux Hardware - !linuxhardware@programming.dev
- Microcontrollers - !microcontrollers@lemux.minnix.dev
- Monitors - !monitors@lemm.ee
- Raspberry Pi - !raspberry_pi@programming.dev
- Retro Computing - !retrocomputing@lemmy.sdf.org
- Single Board Computers - !sbcs@lemux.minnix.dev
- Virtual Reality - !virtualreality@lemmy.world
Icon by "icon lauk" under CC BY 3.0
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Networked printers are very common, so if there is a vulnerability exposed to the network the printer can be exploited and infect other machines, or copy all printouts etc
Printers only need a LAN connection. There is no need to give them internet access.
The bigger concern is that infections can spread. Even if the printer isn’t accessible via WAN, something on the network will be. So if something else gets infected, it will be able to spread to the printer via LAN. Unless it’s the only thing on the network, LAN-only won’t fully protect it from infection.
And once it’s infected, you have a rogue device on your network. It can use things like UPnP to access the WAN, turning it into a node for someone’s botnet.
Set some firewall rules. The printer doesn't need to be able to make any outbound connections. It only needs inbound connections on a few ports to work.
I feel like you glossed over the “you have a rogue device on your network” side of things. Even if it can’t reach the internet directly, it will still quietly sit there and try to infect every other device on your network.
If you’re not in the habit of updating your firmware, (and in this case, you’re actively defeating firmware updates), that infection can quickly snowball.
Isn’t the concern that if you infect a printer locally, you can use that to “pivot” to another device on that network that IS connected to the internet?
I see your point, I hadn't thought about it this way. I think what you're suggesting is this:
I don’t really understand your snippet. But yeah i think the issue with IoT devices having connection to any other network device at all is that if they have a security hole that can be exploited through a malicious USB drive or BT or any other compromised device it can connect to, that it can act maliciously in a number of ways. The only true security for devices that can’t get patched is a complete air gap for any connected devices.
My LaserJet is from '08 and still works great with just a USB (or parallel port... lol). It even does an occasional toner transfer or transparency for printed circuit boards. They making 17+ year printers any more
It is nice to have a discoverable printer on the network that anyone can print to from their laptop or phone. I use that feature all the time, especially on d&d nights
A Linux PC connected to the printer can advertise it to LAN with CUPS.