One in Four HP Printers Vulnerable to Hacking

[Anonymous]

One in Four HP Printers Vulnerable to Hacking

As we become increasingly reliant on cloud storage services like Dropbox and iCloud for document access, the printer has become one of those devices we just don’t think about. But a new report on printer security vulnerabilities suggests that our inattention may cost us.

The Guardian is reporting that 25% of Hewlett-Packard printers may be vulnerable to malware attacks, citing work by Columbia University researchers Salvatore Stolfo and Ang Cui. Earlier this year, the duo demonstrated that HP laser jet printers could be hacked with a budget of just $2,000. Stolfo and Cui were able to use the printer’s remote firmware update to install malware that could even be used to set the printer on fire.

In response to the pair’s findings, HP issued more than 56 firmware updates but seven moths later, Stolfo and Cui say not much has changed. In an as-yet-unpublished report for a Finnish security company, the researchers found that only 1-2% of HP laser jet printers have been updated. Even worse, a quarter of those updated printers still use default password settings.

Ari Takanen, founder and chief technical officer for security firm Codenomicon, tells the Guardian that the main vulnerability stems from a printer’s ability to receive documents and emails from the cloud.

“The more and more we are using our printers to send and receive emails, the more and more they are liable to be attacked,” Takanen told the Guardian. “But few people realise [sic] that a lot of devices they have in their home don’t have the firewalls and anti-viral software they have come to expect from their PC and can compromise the networks they are on due to the vulnerabilities in their firmware.”

And it’s not just HP printers that are vulnerable. In their new report, Stolfo and Cui say that a number of well-known vulnerabilities in the operating system used in printers makes the entire market a potential target.

[Author]

August 16, 2012 at 7:59 AM