HP Printers - Web Admin vulnerability March 19, 2009 15:34 by John Sollars

More than a month ago, we passed on a warning provided by HP regarding a vulnerability that was discovered in the web administration interface of some HP LaserJet models when these are connected to the internet. Basically, the weakness allows hackers and attackers to control the printer remotely using the internet.

HongZheng Zhou of McAfee Avert Labs Blog posted an article recently about HP printers that are still vulnerable to attack. He searched Google for ‘contrallable’ printers and came up with almost 50. Furthermore, almost all of them were not yet patched, despite the fact that HP released firmware updates to address this vulnerability in early February. It looks like there are administrators out there who are ignoring printer device security.

Once again, here are the models that are vulnerable to third party attacks:

HP LaserJet 2410-    HP LaserJet 2410 -    HP LaserJet 2420 -    HP LaserJet 2430 -    HP LaserJet 4250 -    HP LaserJet 4350 -    HP LaserJet 9050 -    HP LaserJet 4345mfp -    HP LaserJet 9040mfp -    HP LaserJet 9050mfp -    HP Color LaserJet 4730mfp -    HP Color LaserJet 9500mfp

Some of you may be wondering – so someone will try to remotely send a print job to my printer, so what? For companies, which are the entities who normally have online printers, this can actually be an issue. The ability to control the printer may actually serve as a gateway for serious hackers who will then attempt to control the other components of the system.

Besides, the mere fact that someone can actually send unnecessary print jobs to your printer will result in wasted paper and will make you or your company open to ‘spam printouts’, where hackers/spammers will take advantage of free advertising and send prints upon prints your way.

We reiterate what we said in February about the spread of the Conficker worm, which stressed the importance of keeping abreast with security bulletins from manufacturing companies.

So, if you have not already done so, protect your HP LaserJet; restrict access to your printer and download the HP firmware updates today from HP.Com-Support

Share

About John Sollars

+John Sollars is the owner and MD of Stinkyink.com. He started the business in 2002 with absolutely no knowledge of how the internet worked - only a burning desire to be in on the cutting edge!. Stinkyink.com has been regularly among the top performing companies in Shropshire as winners and runners up in the Shropshire Chamber of Commerce Best Business competitions. The business has been recognised by both Investors in People (IIP) and also British Standards Institution (BSI) with ISO9001:2008. John is passionate about business and especially small businesses. He is a regular blogger and contributor to blogs about Printing, Small Business and Search Engine Optimisation

Interested in our writers? Come Meet the Stinkyink Editor's Team!

Cee67137d0731a0db8a06a2fe6dd9fd5
This story was posted on March 19, 2009 15:34 and is filed under Printer Troubleshooting, HP Ink News and Tips, HP Toner News and Tips, Technology, HP Printing

Call the ink experts on 0844 414 4141 We accept all major credit and debit cards

Ordered from us before? Log in!

Go to Checkout

Version: 2.5.10