Critical security vulnerabilities in more than 200 HP printer models
by Tina Siering
Vulnerability warning for more than 200 HP printers
Time and again, attacks occur in which cybercriminals exploit vulnerabilities in printers. Network printers in particular, which have their own processor, are popular targets. The fact that the dangers posed by an attack on printers are real is demonstrated by a report issued by the manufacturer HP a few days ago. According to the report, more than 200 models of this brand have a critical IT security vulnerability. This makes it possible to install and execute malware on the devices. Attackers can also overload the buffer memory and block the device's function. HP itself classifies this flaw as critical.
According to HP, the cause of the vulnerability lies in the Link-Local Multicast Name Resolution (LLMNR). This is a protocol that is necessary for the integration of the printer into the network. HP lists the affected printer models in this warning message.
However, this is not the only acute security problem currently affecting HP products. There is a second warning message for 23 other printer models where a vulnerability allows unauthorized access to information, denial-of-service attacks and the execution of third-party code.
These are the actions you need to take now
Together with the error message, HP also states the way in which the security gap can be closed: by a firmware update. This shows that it is not a hardware bug. Only the software that controls the device's functions offers an attack surface. By updating this, you can avert the danger. This will allow you to use your printer as usual again.
If you use an HP printer, you should first check the two error messages linked above to see if your model is affected. If it is, you will need to download and update the new firmware. It is available for download on HP's support page.
What happens if criminals hack my printer?
Even in times of advancing digitalization, printers are still an indispensable part of office equipment. They can be found in one-man operations as well as in large international corporations. Most users give little thought to security when using the printer.
However, attacking printers can have a variety of consequences. First of all, the focus is on all actions that you perform directly with the printer. A rather harmless problem is that the attackers can initiate nonsensical print jobs. But this already causes some material costs and disrupts the workflow in the company when one of the employees urgently needs the printer. It is much more serious if the attackers steal your data. If they gain access to your printer, they can intercept every document you print. Moreover, such a threat is not only for the current print jobs. Often, the printer stores older information as well. As a result, the attackers can intercept much more data once again. It is also possible to retrieve the contents of scans and fax transmissions. This is often particularly consequential, as these devices are often used to process contracts whose contents are not intended for third parties. All of this facilitates industrial espionage and can lead to significant damage.
In addition, most modern printers are integrated into the company network. This is extremely convenient. However, it brings with it further dangers. An infected printer can be a gateway to the entire network. Thus, it is possible that the attackers also gain access to your employees' devices or to the company server. This can jeopardize the existence of the entire company.
Basic measures for secure use of the printer.
Attacks on your printer are not only possible due to the current security gap at HP. There are also similar problems with other manufacturers time and again, which often only become apparent after a delay. For this reason, it is advisable to provide good basic protection in this area. This makes it harder for attackers to gain access to your device.
Basically, it is important to always keep your printer up to date. Find out regularly if updates are available and install them if necessary. If your device is so old that the manufacturer no longer offers updates for it, you should replace it.
Most attacks occur via the network. Therefore, it is very important to secure it well. You can set up a VPN for this purpose, for example. For large companies, it may be advisable to separate the printer landscape into a separate network. It is also important to make sure you have a good firewall. Assign access rights carefully. Many printers set up a hotspot that allows users to issue print jobs directly via tablet or smartphone. When doing so, make sure to only allow access to authorized employees. If you use the printer to print out particularly sensitive data, it is even advisable to remove it from the network altogether and connect it directly to your computer with a cable.
In large businesses, it may also be a good idea to prevent physical access to the printer or to install a surveillance camera. There have also been reports of third-party cartridges or toners containing faulty chips that facilitate attacks. Therefore, it may also make sense to use only genuine supplies.
Conclusion on the critical security vulnerability in HP printers
Although many users assume that no dangers emanate from a printer, it is also important to ensure a high level of security in this area. Modern network printers in particular offer a wide range of attack surfaces. To prevent the theft of sensitive data, you should therefore always keep your printer up to date and secure your network well. We know from the daily monitoring of our IT security experts that printers that are generally not patched lead to problems time and again. As with all hacker attacks, it is the reaction time that counts here with printers: The longer an attacker goes unnoticed, the greater the potential damage. And above all, there should be the realization that "The hacker doesn't necessarily come via printers, but of course you shouldn't allow the option for this in the first place."
With secion's Active Cyber Defense (ACD) service, you can proactively detect and contain network threats before they become an issue. For this purpose, a specially designed software analyzes all available data of the company network. The early attack detection actively looks for indicators of compromise (IOCs) around the clock. Our Active Cyber Defense team analyzes anomalies and underlying attack activities and informs you immediately as soon as action is required - in case of doubt, your printer then also sounds the alarm.
Need help upgrading your IT security for 2022? Contact us!
Related articles
QR codes have been around for almost 30 years. Today, we scan the square codes with our smartphone as a matter of course to release bank orders, create a digital vaccination certificate or retrieve coupons. However, since QR codes are also used by cybercriminals for fraudulent purposes, you should not trust the little squares without limits. You should be especially careful if you receive a QR code via email: A sophisticated phishing attack could be hiding behind it. We show you how to recognize quishing attacks and protect yourself from them.
Read more … Caution, Quishing: Criminals use QR codes for phishing attacks
In early October, the ransomware group Black Basta attacked an IT service provider of the Deutsche Presse-Agentur (dpa), stealing the data records of 1,500 dpa employees as well as pension recipients of the dpa support fund. Two weeks later, the cybercriminals published the first sensitive data of the victims on the darknet. This incident is just one of many attacks associated with the notorious Black Basta ransomware - and there will be many more to come. That's because, as new research shows, the cybercriminals act very similarly to other aggressive hacker groups.
Read more … Black Basta: New findings on the notorious ransomware
The cybersecurity industry is more dynamic and rapidly changing than any other sector. Today's insights may already be outdated tomorrow. Because at the same pace as IT security develops new measures to protect IT infrastructure, networks, and endpoints, cyber criminals bring new tools to the market, refine attack methods, or use unknown techniques to successfully carry out cyber attacks. Anyone who wants to stay as well informed as possible in the multi-layered environment is dependent on regular updates. This applies equally to technically interested users and IT staff. One popular source of information in Germany is the podcast. More than 40% of all Germans regularly listen to podcasts - one fifth of them daily. We asked our IT security consultants for recommendations on ethical hacking and present our top 5 most popular cybersecurity podcasts here.