Critical security vulnerabilities in more than 200 HP printer models
by Tina Siering
Vulnerability warning for more than 200 HP printers
Time and again, cybercriminals exploit vulnerabilities in printers. Network printers in particular, which have their own processor, are popular targets. That the danger posed by attacks on printers is real is shown by a report issued by the manufacturer HP a few days ago. According to the report, more than 200 models of this brand have a critical security vulnerability. It makes it possible to install and execute malware on the devices. Attackers can also overflow the device's buffer memory and block its function. HP itself classifies this flaw as critical.
According to HP, the cause of the vulnerability lies in the Link-Local Multicast Name Resolution (LLMNR). This is a protocol that is necessary for the integration of the printer into the network. HP lists the affected printer models in this warning message.
However, this is not the only acute security problem currently affecting HP products. There is a second warning message for 23 other printer models where a vulnerability allows unauthorized access to information, denial-of-service attacks and the execution of third-party code.
These are the actions you need to take now
Together with the warning message, HP also states how the vulnerability can be closed: by a firmware update. This shows that it is not a hardware bug. Only the software that controls the device's functions offers an attack surface. By updating it, you avert the danger and can use your printer as usual again.
If you use an HP printer, you should first check the two warning messages linked above to see if your model is affected. If it is, you will need to download and install the new firmware. It is available for download on HP's support page.
What happens if criminals hack my printer?
Even in times of advancing digitalization, printers are still an indispensable part of office equipment. They can be found in one-man operations as well as in large international corporations. Most users give little thought to security when using the printer.
However, an attack on a printer can have a variety of consequences. The first concern is everything you do directly with the printer. A rather harmless problem is that the attackers can initiate nonsensical print jobs. But even this causes material costs and disrupts the workflow in the company when an employee urgently needs the printer. It is much more serious if the attackers steal your data. If they gain access to your printer, they can intercept every document you print. Moreover, the threat is not limited to current print jobs. Often, the printer stores older information as well, so the attackers can obtain considerably more data. It is also possible to retrieve the contents of scans and fax transmissions. This is particularly consequential, as these devices are often used to process contracts whose contents are not intended for third parties. All of this facilitates industrial espionage and can lead to significant damage.
In addition, most modern printers are integrated into the company network. This is extremely convenient. However, it brings with it further dangers. An infected printer can be a gateway to the entire network. Thus, it is possible that the attackers also gain access to your employees' devices or to the company server. This can jeopardize the existence of the entire company.
Basic measures for secure use of the printer
Attacks on your printer are not only possible because of the current vulnerability in HP devices. Similar problems occur with other manufacturers time and again, and they often only become apparent after a delay. For this reason, it is advisable to provide good basic protection in this area. This makes it harder for attackers to gain access to your device.
First and foremost, it is important to always keep your printer up to date. Check regularly whether updates are available and install them if necessary. If your device is so old that the manufacturer no longer offers updates for it, you should replace it.
Most attacks occur via the network. Therefore, it is very important to secure it well. You can set up a VPN for this purpose, for example. For large companies, it may be advisable to move the printers into a separate network. It is also important to make sure you have a good firewall. Assign access rights carefully. Many printers set up a hotspot that allows users to issue print jobs directly via tablet or smartphone. When using it, make sure to allow access only to authorized employees. If you use the printer to print out particularly sensitive data, it is even advisable to remove it from the network altogether and connect it directly to your computer with a cable.
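The separation and firewall measures above can be checked against the LLMNR issue HP describes. The following is an added example, not part of the original article and not HP code: it parses captured LLMNR datagrams and reports printers that answer LLMNR or receive LLMNR from outside their own segment. The subnet 10.20.0.0/24, the host names and the flow records are constructed assumptions.

```python
import ipaddress
import struct

LLMNR_PORT = 5355  # UDP port used by LLMNR (RFC 4795)

def parse_llmnr(payload):
    """Parse the DNS-style LLMNR header and first question name; None if malformed."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    labels, pos = [], 12
    while qdcount:
        if pos >= len(payload):
            return None  # name runs past the end of the datagram
        length = payload[pos]
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(payload):
            return None  # invalid label length
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return {"response": bool(flags & 0x8000), "name": ".".join(labels)}

def audit(records, printer_net):
    """Report LLMNR datagrams that involve hosts in the printer segment."""
    net = ipaddress.ip_network(printer_net)
    findings = []
    for src, sport, dst, dport, payload in records:
        if LLMNR_PORT not in (sport, dport):
            continue  # not LLMNR traffic
        src_in, dst_in = (ipaddress.ip_address(a) in net for a in (src, dst))
        msg = parse_llmnr(payload)
        if msg is None and dst_in:
            findings.append((dst, f"malformed LLMNR datagram from {src}"))
        elif msg and msg["response"] and src_in and sport == LLMNR_PORT:
            findings.append((src, f"answers LLMNR for '{msg['name']}'"))
        elif msg and not msg["response"] and dst_in and not src_in:
            findings.append((dst, f"LLMNR query from outside segment ({src})"))
    return findings

def sample_msg(name, response=False):  # builds constructed sample messages
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack("!HHH6x", 1, 0x8000 if response else 0, 1) + qname + b"\0\1\0\1"

SAMPLE = [  # constructed flow records: (src, sport, dst, dport, UDP payload)
    ("10.20.0.15", 5355, "10.1.4.7", 49152, sample_msg("prn-floor2", response=True)),
    ("10.1.4.7", 50000, "10.20.0.16", 5355, sample_msg("prn-floor3")),
    ("10.1.4.9", 50001, "10.20.0.16", 5355, b"\x00\x01\x00"),
]
```

Printers reported by `audit(SAMPLE, "10.20.0.0/24")` are the ones to check first against HP's model list and to update.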
In large businesses, it may also be a good idea to prevent physical access to the printer or to install a surveillance camera. There have also been reports of third-party cartridges or toners containing faulty chips that facilitate attacks. Therefore, it may also make sense to use only genuine supplies.
Conclusion on the critical security vulnerability in HP printers
Although many users assume that a printer poses no danger, it is important to ensure a high level of security in this area as well. Modern network printers in particular offer a wide range of attack surfaces. To prevent the theft of sensitive data, you should therefore always keep your printer up to date and secure your network well. We know from the daily monitoring of our IT security experts that printers that are generally not patched lead to problems time and again. As with all hacker attacks, it is the reaction time that counts with printers: The longer an attacker goes unnoticed, the greater the potential damage. And above all, there should be the realization that "The hacker doesn't necessarily come via printers, but of course you shouldn't allow the option for this in the first place."
With secion's Active Cyber Defense (ACD) service, you can proactively detect and contain network threats before they become an issue. For this purpose, a specially designed software analyzes all available data of the company network. The early attack detection actively looks for indicators of compromise (IOCs) around the clock. Our Active Cyber Defense team analyzes anomalies and underlying attack activities and informs you immediately as soon as action is required - in case of doubt, your printer then also sounds the alarm.