The Recycler
  • Ninestar Masthead banner July 2021
  • Katun March Web Advert 2021
  • Biuromax Web ad May 2021
  • Nubeprint Online 425x90
  • ECS Web ad October

HP LaserJets in worldwide security scare

HP LaserJets in worldwide security scare

January 27, 2016

Networked machines in the OEM’s LaserJet range are “a soft target” for hackers, according to a researcher.

HP's LaserJet Pro 200

HP’s LaserJet Pro 200

CSO Online reported on researcher Chris Vickery’s online posting, which highlighted that “exposed HP LaserJet printers offer [an] anonymous FTP to the public”. This means that networked LaserJets that “have been made available to the public by the organisations hosting them” offer potential hackers a “ready-made” server from which to launch cyber attacks or host hacking tools and scripts.

Vickery, the site points out, has mentioned there are “thousands of these devices online”, and that they are “a soft target”, with the printers said to be located “all over the world”, including a majority in the USA and associated with “Comcast, Verizon and AT&T” alongside universities in Minnesota, Pennsylvania, Maryland, Hawaii and California. Other countries with exposed machines include China, South Korea, Taiwan, Canada, Spain, Germany, Poland, Russia and the UK.

The printers are “active 24/7”, but “even in sleep mode they’ll host files”, and Vickery pointed out that “the odds of an internal audit actually examining the contents of a printer’s hard drive are slim”. Going into further detail on what hackers could do, the site points out that the printers could be used “as a staging point to host scripts or tools that can be downloaded when required”, and that hackers could also use them “as a means to host malicious websites and direct victims to them”.

Vickery has previously exposed database leaks affecting millions of people, and noted that “there are a few free, open source pieces of software that can be used to upload and interact with HP printer hard drives over port 9100. After uploading to a printer, the file can be accessed by visiting http://<Printer_IP_Address>/hp/device/<File_Name> with any web browser […] it doesn’t take much creativity to realise that even highly-illegal materials could be stored this way.

“Naturally, you may be wondering why I am highlighting this problem. Won’t it just help amateur hackers elevate their game? Disclosing vulnerabilities will always be a double-edged blade. Sure, some people will take advantage of the information, but it’s my sincere belief that anyone seeking tips on how to protect themselves should also be made aware”. He warned companies that are concerned to ensure “access to port 9100 is restricted and that all networked printers are behind a firewall”.

Categories : Products and Technology

Tags : Crime Printers Security

  • Static Web ad July 2021
  • Armor May banner Ink
  • GPI Web ad October
  • GM Tech Web ad October
  • Mito September 2021 Web Advert
  • Ninestar Big & Bold July 2021
  • IR Italiana Web ad January 2021
  • Aster Web ad October
  • Apex web ad May 2021 version 2
  • CTS Toner Supplies Web ad April 2021
  • Adter Recruitment Web ad April 2021
  • PCL Web ad January 2021
  • CET Web ad September 2021
  • HYB Web ad February 2021
  • PW Dubai December Ad
  • ITP Web ad January 2021
  • Ohana July 2021 web advert
  • ITP Web ad January 2021
  • Adter Recruitment Web ad April 2021
  • PCL Web ad January 2021
  • CTS Toner Supplies Web ad April 2021
  • PW Dubai December Ad
  • CET Web ad September 2021
  • Ohana July 2021 web advert
  • HYB Web ad February 2021
  • PW Dubai December Ad
  • CTS Toner Supplies Web ad April 2021
  • PCL Web ad January 2021
  • CET Web ad September 2021
  • HYB Web ad February 2021
  • Adter Recruitment Web ad April 2021
  • Ohana July 2021 web advert
  • ITP Web ad January 2021

The Recycler, Wittas House, Two Rivers, Station Lane, Witney, OX28 4BH, United Kingdom | Tel: +44 (0) 1993 899800 | Fax : +44 (0) 1993 226899
©2006-2021 The Recycler - Terms & Conditions - Privacy Policy including cookie use

Web design Dorset | Websites by Mark