Placeholder image
  • Biuromax web ad Jan 2021
  • Nubeprint Web ad January 2021
  • Ninestar Masthead Web ad January 2021
  • Speed Web ad January 2021
  • Katun Web ad January 2021
  • Paperworld Middle East Long Web ad January 2021
  • The Recycler Subscribe Web ad January 2021
  • The Recycler Subscribe Web ad January 2021
  • Paperworld Middle East Long Web ad January 2021

HP LaserJets in worldwide security scare

January 27, 2016

Networked machines in the OEM’s LaserJet range are “a soft target” for hackers, according to a researcher.

HP's LaserJet Pro 200

HP’s LaserJet Pro 200

CSO Online reported on researcher Chris Vickery’s online posting, which highlighted that “exposed HP LaserJet printers offer [an] anonymous FTP to the public”. This means that networked LaserJets that “have been made available to the public by the organisations hosting them” offer potential hackers a “ready-made” server from which to launch cyber attacks or host hacking tools and scripts.

Vickery, the site points out, has mentioned there are “thousands of these devices online”, and that they are “a soft target”, with the printers said to be located “all over the world”, including a majority in the USA and associated with “Comcast, Verizon and AT&T” alongside universities in Minnesota, Pennsylvania, Maryland, Hawaii and California. Other countries with exposed machines include China, South Korea, Taiwan, Canada, Spain, Germany, Poland, Russia and the UK.

The printers are “active 24/7”, but “even in sleep mode they’ll host files”, and Vickery pointed out that “the odds of an internal audit actually examining the contents of a printer’s hard drive are slim”. Going into further detail on what hackers could do, the site points out that the printers could be used “as a staging point to host scripts or tools that can be downloaded when required”, and that hackers could also use them “as a means to host malicious websites and direct victims to them”.

Vickery has previously exposed database leaks affecting millions of people, and noted that “there are a few free, open source pieces of software that can be used to upload and interact with HP printer hard drives over port 9100. After uploading to a printer, the file can be accessed by visiting http://<Printer_IP_Address>/hp/device/<File_Name> with any web browser […] it doesn’t take much creativity to realise that even highly-illegal materials could be stored this way.

“Naturally, you may be wondering why I am highlighting this problem. Won’t it just help amateur hackers elevate their game? Disclosing vulnerabilities will always be a double-edged blade. Sure, some people will take advantage of the information, but it’s my sincere belief that anyone seeking tips on how to protect themselves should also be made aware”. He warned companies that are concerned to ensure “access to port 9100 is restricted and that all networked printers are behind a firewall”.

Categories : Products and Technology

Tags :

Leave a Reply

Advertisement

  • GM Tech Web ad January 2021
  • Mito Web ad January 2021
  • Apex Web ad January 2021
  • IR Italiana Web ad January 2021
  • Ninestar Big and Bold Web ad January 2021
  • Hubei Group Web ad January 2021
  • Integral Web ad January 2021
  • Armor web ad January 2021
  • GPI Web ad January 2021
  • Aster Web ad January 2021
  • Static Web ad January 2021
  • Ohana Web ad January 2021
  • PCL Web ad January 2021
  • ECS Web ad January 2021
  • The Jolly Savage Web ad January 2021
  • Paperworld Middle East Web ad January 2021
  • ITP Web ad January 2021
  • HYB Toner Web ad January 2021
  • CTS Web ad January 2021
  • CET Web ad January 2021
  • ECS Web ad January 2021
  • HYB Toner Web ad January 2021
  • Ohana Web ad January 2021
  • ITP Web ad January 2021
  • The Jolly Savage Web ad January 2021
  • CET Web ad January 2021
  • PCL Web ad January 2021
  • CTS Web ad January 2021
  • Paperworld Middle East Web ad January 2021
  • CET Web ad January 2021
  • HYB Toner Web ad January 2021
  • The Jolly Savage Web ad January 2021
  • PCL Web ad January 2021
  • ECS Web ad January 2021
  • Ohana Web ad January 2021
  • ITP Web ad January 2021
  • Paperworld Middle East Web ad January 2021
  • CTS Web ad January 2021