HP Printers – Web Admin vulnerability

More than a month ago, we passed on a warning provided by HP regarding a vulnerability that was discovered in the web administration interface of some HP LaserJet models when these are connected to the internet. Basically, the weakness allows hackers and attackers to control the printer remotely using the internet.

HongZheng Zhou of McAfee Avert Labs Blog posted an article recently about HP printers that are still vulnerable to attack. He searched Google for ‘contrallable’ printers and came up with almost 50. Furthermore, almost all of them were not yet patched, despite the fact that HP released firmware updates to address this vulnerability in early February. It looks like there are administrators out there who are ignoring printer device security.

Once again, here are the models that are vulnerable to third party attacks:

-    HP LaserJet 2410
-    HP LaserJet 2420
-    HP LaserJet 2430
-    HP LaserJet 4250
-    HP LaserJet 4350
-    HP LaserJet 9050
-    HP LaserJet 4345mfp
-    HP LaserJet 9040mfp
-    HP LaserJet 9050mfp
-    HP Color LaserJet 4730mfp
-    HP Color LaserJet 9500mfp

Some of you may be wondering – so someone will try to remotely send a print job to my printer, so what? For companies, which are the entities who normally have online printers, this can actually be an issue. The ability to control the printer may actually serve as a gateway for serious hackers who will then attempt to control the other components of the system.

Besides, the mere fact that someone can actually send unnecessary print jobs to your printer will result in wasted paper and will make you or your company open to ‘spam printouts’, where hackers/spammers will take advantage of free advertising and send prints upon prints your way.

We reiterate what we said in February about the spread of the Conficker worm, which stressed the importance of keeping abreast with security bulletins from manufacturing companies.

So, if you have not already done so, protect your HP LaserJet; restrict access to your printer and download the HP firmware updates today from HP.Com-Support

This entry was posted on Thursday, March 19th, 2009 at 4:34 pm and is filed under General News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.