Printer Networks Vulnerable to Hackers: Report
Printers using server software offered by Hewlett-Packard (HP) are reportedly vulnerable to attack. In fact, it's possible for a hacker to use the flaw to bypass security defenses, steal documents, and crash every machine connected to the same network.
Security researcher Sebastian Guerrero says the problem affects printers using HP's JetDirect software. That software is used for print servers, meaning it can handle any printing request made by a network-connected computer.
Hackers Could Bypass Security Defenses
Guerrero says that a flaw in the JetDirect software could allow an attacker to bypass built-in security defenses -- including fingerprint or smart card verification systems -- and access a network. (Source: pcmag.com)
From there, hackers could reportedly choose to steal previously printed documents or knock network-connected machines offline. The flaw could also be used to seriously damage the infiltrated printer, forcing a reinstallation of its firmware.
"An attacker could trigger a persistent denial of service affecting a large percentage of models and manufacturers," Guerrero reported. (Source: informationweek.com)
Guerrero also noted that advanced hackers could even use the vulnerability to decrypt sensitive information.
"All of the heavily encrypted documents a company has on its computers are automatically unprotected once sent to the print queue and are recorded and stored in the history," Guerrero said.
Guerrero hasn't yet noted which printer makes and models are affected by the flaw. However, he has told the media that the vulnerability affects some Ricoh and HP DesignJet printers.
All JetDirect Printers Vulnerable
Beyond that, Guerrero says that any printer using the JetDirect software is at least vulnerable to security breaches. He implied that the damage one can do beyond accessing a system might vary by printer type.
Hewlett-Packard has not yet publicly commented on the issue. (Source: informationweek.com)
Back in late 2011 a similar problem affecting Hewlett-Packard printers was reported by security experts. HP responded by calling associated reports "sensational and inaccurate." Later, it was found that just 1-2 per cent of all printers were vulnerable to attack.
It's not yet clear what percentage of printers are affected by this latest vulnerability.
UPDATE: HP has since responded to Guerrero's report. The firm says that Guerrero's claim that hackers can recover and steal previously-printed documents is false. Furthermore, a representative said that DDoS threats can be mitigated by setting a more secure password. Finally, HP says restricting device connectivity in HP Access Control can prevent non-authenticated access of print networks.
Free eBook: Windows... On Speed. This 33 page guide will explain how to store your data to reduce disk fragmentation, how to properly remove programs to avoid registry junk, which system maintenance tools you should use to maintain a top notch performance, how to protect your system from malware attacks, and how to physically clean your machine to avoid hardware damage and failure. There's also a troubleshooting section for PCs already affected by deteriorating performance, and how to resolve it. Click here to download this eBook now! Note: this eBook is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.