I just replaced our aging printer with a new HP6600 all-in-one. The printer itself promises more pages per ink cartridge, faster printing, faster scanning, air-print for wireless devices and there is only a power cable because it connects to the local home network using Wifi. It was easy to setup and apps were available for all our tablets and phones.
This is all well and good, but the really interesting thing about the new printer is that it comes with a free service from HP that allows you to email documents to the printer from anywhere in the world.
What does this mean and how does this work? I don’t know the exact details, but one thing for sure is that this device has a connection to a server somewhere at HP. My home firewall is a session boarder controller with no ports open. This means that HP has placed a device in my house that is establishing and outbound connection to a network that I don’t control.
I trust HP to keep me secure, but that said, all really important data is not network connected. If the servers at HP were to be compromised, the attacker would have a direct connection to my home network. The fact that I have a firewall would mean nothing.
The inside out problem is one that many people tend to ignore. HP ships their devices with this feature turned off, but the convenience of being able to print using email is very attractive. This is probably not a concern for most home networks, but using these devices in this mode for business should cause you to stop and reflect on the possibilities.
Any time a vendor demonstrates a product that connects to a cloud based service, consider the security implications.