ICSA Labs, which sets standards for commercial security products, plans to announce on Monday a new program for helping corporations protect themselves from attacks and snooping via Internet-connected devices such as printers, copiers, ATMs, and security cameras.
Under the ICSA Labs Network Attached Peripheral Security Certification and Assessment program, experts will evaluate devices used in corporations and work with vendors to help them understand the inherent security risks to Internet-connected devices, said George Japak, managing director of ICSA Labs, which is an independent division of Verizon Business.
The devices targeted are not those that are part of the computing network infrastructure, like desktops, servers, and routers.
"There is a lot of functionality on those devices being centrally managed and controlled via an Internet connection, and those Internet connections can be compromised," he said. "These unsecured devices are as much of a risk as an unsecured server sitting out on your network."
Remote attackers can exploit weaknesses in software to remotely steal data that sits on the devices, such as sensitive documents that someone has printed or copied. But the devices can also be used to propagate malware across the network, he said.