HP LaserJets in worldwide security scare
January 27, 2016
Networked machines in the OEM’s LaserJet range are “a soft target” for hackers, according to a researcher.
HP’s LaserJet Pro 200
CSO Online reported on researcher Chris Vickery’s online posting, which highlighted that “exposed HP LaserJet printers offer [an] anonymous FTP to the public”. This means that networked LaserJets that “have been made available to the public by the organisations hosting them” offer potential hackers a “ready-made” server from which to launch cyber attacks or host hacking tools and scripts.
Vickery, the site points out, has mentioned there are “thousands of these devices online”, and that they are “a soft target”, with the printers said to be located “all over the world”, including a majority in the USA and associated with “Comcast, Verizon and AT&T” alongside universities in Minnesota, Pennsylvania, Maryland, Hawaii and California. Other countries with exposed machines include China, South Korea, Taiwan, Canada, Spain, Germany, Poland, Russia and the UK.
The printers are “active 24/7”, but “even in sleep mode they’ll host files”, and Vickery pointed out that “the odds of an internal audit actually examining the contents of a printer’s hard drive are slim”. Going into further detail on what hackers could do, the site points out that the printers could be used “as a staging point to host scripts or tools that can be downloaded when required”, and that hackers could also use them “as a means to host malicious websites and direct victims to them”.
Vickery has previously exposed database leaks affecting millions of people, and noted that “there are a few free, open source pieces of software that can be used to upload and interact with HP printer hard drives over port 9100. After uploading to a printer, the file can be accessed by visiting http://<Printer_IP_Address>/hp/device/<File_Name> with any web browser […] it doesn’t take much creativity to realise that even highly-illegal materials could be stored this way.
“Naturally, you may be wondering why I am highlighting this problem. Won’t it just help amateur hackers elevate their game? Disclosing vulnerabilities will always be a double-edged blade. Sure, some people will take advantage of the information, but it’s my sincere belief that anyone seeking tips on how to protect themselves should also be made aware”. He warned companies that are concerned to ensure “access to port 9100 is restricted and that all networked printers are behind a firewall”.
Categories : Products and Technology
