F-Secure Discovers HP Printers Loaded With Security Holes

F-Secure Discovers HP Printers Loaded With Security Holes

Nonetheless, it may be a good time for businesses and consumers to reevaluate the security of their existing printers and take steps to avoid the consequences of a compromise. Those in need of new printers may find some fantastic prices over the holiday shopping season.


According to the F-Secure analysis, many firms throughout the world are likely utilizing susceptible devices due to HP's position as a significant provider of MFPs, with an estimated 40% of the hardware peripheral market.


According to the researchers, attackers can use the flaws to take control of devices, steal information, and further infiltrate networks to cause other forms of damage.

  1. Microsoft will release the Online Service Experience Pack for Windows 11 later this year.
  2. Edge shares your information, after enabling Sync by default


Academic Research Resulted in a Breakthrough


According to Hirvonem, the investigation into printer hacking was initially motivated by professional advancement. To learn more about hardware hacking, the two F-Secure security professionals decided to collaborate on a project.

While HP did an excellent job of securing the MFP in some respects, Bolshev simply needed a few hours to identify the two unprotected physical ports that gave him complete access to the device. According to him, the research was expanded to include a stronger emphasis on stealth in order to generate new tools and insights for use in red teaming and other related actions.


"Only HP printers and the models indicated in HP's Security Bulletins are affected," Bolshev told TechNewsWorld.


An examination of the attack vector


The most effective attack strategy is to dupe a person from a targeted company into visiting a malicious website. As a result, the company's compromised MFP is vulnerable to a cross-site printing attack.


On the vulnerable MFP, the website would automatically and remotely print a document containing a maliciously generated typeface. As a result, the attacker would be able to execute code on the device.


Any information run or cached by the MFP could be discreetly stolen by an attacker having these code execution rights. This includes printed, scanned, and faxed materials. However, information such as passwords and login credentials that connect the device to the rest of the network are affected.

Attackers could also utilize hacked MFPs as a launching pad into an organization's network in order to accomplish other goals. Theft or alteration of other data, as well as the transmission of ransomware, are examples.


The researchers discovered that exploiting the flaws is challenging, which will hinder many low-skilled attackers from exploiting them. According to the F-Secure research, experienced threat actors might utilize them in more focused operations.


Researchers determined that the font parsing flaws can be wormed. As a result, attackers may be able to construct self-propagating malware that automatically compromises MFPs. The hack then spreads to other units on the same network that are vulnerable.

Security Tips for MFPs


Last spring, Hirvonen and Bolshev informed HP of their discoveries and worked with the firm to remedy the flaws. For the impacted devices, HP has released firmware updates and security advisories.


While the attack's sophistication makes it impracticable for some threat actors, the researchers stress the importance of securing susceptible MFPs for enterprises targeted by sophisticated threats.

MFP security measures include, in addition to patching:


  • Physical access to MFPs is being restricted.
  • MFPs are segregated in a separate, firewalled VLAN.
  • Anti-tamper stickers are used to indicate physical tampering with electronics.
  • Using the best practices recommended by manufacturers to avoid unauthorized changes to security settings
  • Putting MFPs in CCTV-monitored places to capture any actual usage of hacked devices at the time they were hacked

This is something that large firms, critical-sector companies, and other organizations facing highly-skilled, well-resourced attackers should take seriously. "There is no need to panic," Hirvonen added, "but they should examine their exposure so that they are prepared for these attacks."


"While the attack is sophisticated, it may be mitigated with fundamental security measures such as network segmentation, patch management, and security hardening," he said.

F-Secure Labs has a thorough technical description of the research.


Patching isn't done automatically.


HP does not provide over-the-air firmware updates. As a result, keeping printer firmware up to date is recommended to avoid any genuine hacking efforts in the wild.

Bolshev noted, "We have no evidence or reports of threat actors utilizing these vulnerabilities in attacks."


Consumers and IT professionals must manually patch their HP hardware. He stated that they must manually download and apply the HP fixes.


He also mentioned that using HP Web Jetadmin to update the firmware for several printers at once is a possibility.

It's always better to be safe than sorry.


According to Bolshev, a skilled attacker could successfully exploit the physical ports in just over five minutes. It would just take a few seconds to carry out the attack that uses the font parser.


"However, these aren't low-hanging fruits that many threat actors would recognize. The font parsing flaw isn't easy to locate or exploit. And anything that necessitates physical access creates logistical challenges for threat actors," he added.

The flaws have been around since at least 2013 and affect over 150 HP printer models. Many businesses are likely to be using insecure MFPs.


"However, smaller firms need not be alarmed because the vulnerability necessitates a reasonably competent attacker." However, larger organizations dealing with well-resourced/highly-skilled threat actors, as well as enterprises in vital sectors, should consider this a viable attack vector," Bolshev said.