January 29, 2013
Australian IT news website The Age has reported that thousands of HP printers could be at risk of being hacked after a “well-crafted Google search” by blogger Adam Howard, who pointed out that he was able to find details of 86,800 publically accessible printers after a Google search.
The finding shows that hackers have the potential to control and manage unprotected HP printers remotely, with many institutions already suffering from hackers printing out reams of unwanted documents from their printers. Details such as the amount of ink or toner remaining in the printer, how many pages the printer has printed in its lifetime and how many paper jams it has had are able to be accessed, along with the titles of documents printed.
Howard added on his blog, Port3000, that a more serious security concern could be that as many printer models “have known exploits” they “can be used as an entry point to a private network”.
The Age states that larger organisations are likely to be more commonly affected by such security breaches when “IT staff fail to enable a password on printers when telling their routers to allow inbound connections so that staff can print from one office to another”, with a Google search carried out by Fairfax Media finding that a number of Australian universities all had remotely accessible printers, including the University of Melbourne, which had 26 unprotected printers; the University of New South Wales; University of Queensland; University of Wollongong; and the University of Sydney.
Reacting to the findings, John Dubois, Director of Communications at the University of Melbourne, said: “We are already implementing substantial network improvements which should prevent any unauthorised external access;” while Daniel Saffioti, Deputy Director of Information Technology Services at the University of Wollongong, said: “We have looked into this matter and are rectifying the issue as a matter of urgency.”
HP reportedly said in a statement that it encouraged customers to protect their printers by placing them within a firewall and limiting access of network credentials to trusted parties only, while James Turner, an analyst at IBRS added that the issue was “just once facet where someone decided that it was better for the printers to be easily accessible, than to be secure […]This is the ongoing challenge of the internet. Devices that are intended for easy access on smaller networks can take on new dimensions when plugged into the internet.”
The Recycler recently reported on another potential security flaw in HP’s JetDirect printer software, which is used in internal, external and embedded printer servers sold by a number of OEMs.
Categories : Products and Technology