HP MFPs facing security vulnerabilities

HP MFPs facing security vulnerabilities

Over 150 HP printers were tested by F-Secure Corp and were found to have security vulnerabilities that date back to 2013.

Security concerns are a global phenomenon, especially in the age of data. From entire databases getting hacked to something as menial as a printer, security vulnerabilities are always present. A relatively broad range of HP Multifunction Printers (MFPs) are facing issues like that. Recently, F-Secure Corp, a cybersecurity solution firm, spotted security threats in HP printers.

This all started with researchers Alexander Bolshev and Timo Hirvonen testing HP printers to see if they could get hacked, and as we know now, they were successful. The test was then carried out on other printers, and the researchers were able to hack into them every time. Hence, they concluded that there are widespread vulnerabilities in HP printers.

Threats associated with the security issues

The vulnerabilities associated with HP printers might not seem like a significant concern, but there are some major threats an organization can face due to compromised printers. For instance, font parsing and physical access port vulnerabilities allow attackers to deploy a cross-site printing attack. This is done by phishing an individual into visiting a malicious website and exposing the vulnerable printer. The attack would remotely and automatically print documents containing malicious fonts on the printer.

Another major vulnerability is the attacker’s ability to create a self-propagating worm. This is capable of spreading itself to other vulnerable printers throughout all the printers within the network. Additionally, these vulnerabilities can be dated back to 2013, further complicating matters.

The researchers conclude that the reason that these vulnerabilities exist due to inadequate network security hygiene. Printers are an endpoint, just like any other device you may have. That being said, it is often neglected, making it an open target for malicious activities.

Therefore, users should install all security updates available for printers and other connected devices. Doing so will keep your device protected at all times.