HP Disputes Printer Security Vulnerabilities

Weaknesses in printer networking software could be used to bypass authentication, deny service and retrieve documents from any user, Spanish researcher says.

Who Is Hacking U.S. Banks? 8 Facts (click image for larger view and for slideshow)
HP is disputing the feasibility of several vulnerabilities in its JetDirect print server software that recently were highlighted by a researcher.
Information security researcher Sebastian Guerrero said that by using HP printer language command tags, hed been able to retrieve other peoples print jobs or assign them to a different user -- thus bypassing fingerprint or smart card checks built into a printer -- as well as
crash a printer
by using printer-command tags containing unexpected content.
Based on what was disclosed it appears that the device was intentionally sent a corrupting job -- basically to try and disable the printer, said Keith Moore, chief technologist at HP LaserJet Solutions group, speaking by phone about one of the disclosed vulnerabilities. If youre intentionally sending corrupt print jobs, yes the printer has a hard time knowing what to do with that, but thats where rebooting [comes in], said Moore.
[ HP is not the only vendor whose printers carry certain security risks. Read
Samsung Printers Have Hidden Security Risk
. ]
The other claims dont seem to be supported, and if you properly configure the device --as we recommend -- [they] technically cant be done, said Moore.
HP takes our customers security very seriously, said a spokeswoman in a follow-up email. Our team has investigated the security allegations ... and determined that the claims that someone can bypass built-in biometric defenses and recover previously printed documents are false.
The crucial point in HPs rebuttal of parts of Guerreros research, however, hangs on printers being properly configured, and to put that into practice, Moore pointed to
HP Imaging and Printing Security Best Practices,
a document HP developed for distribution by the National Institute of Standards and Technologies (NIST). One of the documents chief recommendations is that printer administrators use the free
HP Web Jetadmin
, which is billed as the recommended management tool for all HP network printing and digital sending products, and which can control all of the settings that HP recommends be set to maximize security.
Those configurations boil down to one recommendation: Its essentially setting passwords on devices, or in businesses or enterprises especially, wed encourage people to use something like HP Access Control, where the document wont even come out until youre standing at the device, said Moore, referring to
HP Access Control (HPAC) Printing Solutions
, which is designed to secure sensitive and confidential information in printing environments.
Late last week, Moore said HP was still trying to contact Guerrero to ensure that its obtained a full disclosure of all vulnerabilities. But Guerrero, whos a researcher at viaForensics, reported via email that hed already been in touch. I can assure you that I have been in contact with them and furthermore, they were aware of these vulnerabilities before my article was published, he said.
In fact, in his research Guerrero already had noted that some of his exploits were feasible only when the printer didnt have a password enabled. Discussing viewing someone elses print jobs, for example, I think this one has been misunderstood, he said. As I said before, the printer has a log, where the jobs sent are stored, and some printers include the possibility to preview these jobs. If the printer doesnt use a password you can get access to the log and see the document.
But not all of the vulnerabilities he identified revolve around passwords. For example, to assign a document to a different user, you can set some PCL/PJL tags in order to assign a job to a user, independent of whether the printer did -- or did not -- set a password, he said. If you send the job to its queue, the job will be registered on the log with the information stored in its tags.
Guerrero emphasized that theres no coding flaw here. Its just a leak of security on the printer, this is not HPs bug, he said. Furthermore, this vulnerability affects printers from more manufacturers, for example, Ricoh. I can assure you that.
Another security concern is that any printers inside the network -- from HP or otherwise -- would be vulnerable to remote attacks that retrieve documents that have been printed using the device, or install custom malicious malware, especially if the printers didnt have passwords enabled or arent running security software such as HPAC. HPs Moore, however, dismissed the threat of remote exploits of machines running JetDirect. Typically, a firewall blocks [external attacks], so remote attacks are unlikely, he said.
But Michael Sutton, VP of security research for Web security firm Zscaler Labs, has
published research
showing that embedded Web servers in devices -- such as printers and photocopiers -- are often Internet-connected and unsecured with either passwords or firewalls. That would make the devices of interest for corporate espionage purposes.
Similarly, blogger Adam Howard at Port3000
posted a Google search
Friday that turns up thousands of Internet-connected printers. A quick, well crafted Google search returns about 86,800 results for publically accessible HP printers, said Howard. Theres something interesting about being able to print to a random location around the world, with no idea of the consequence. Lock down your printer :) PS: There are security concerns here, as many printer models have known exploits which can be used as an entry point to a private network.
Likewise, a Google search for LCDispatcher (inurl:hp/device/this.LCDispatcher) shared by the
Google Dorks
website -- amongst other locations -- returned 968,000 hits. LCDispatcher is a component in Internet-connected print servers running JetDirect, meaning the hits are apparently all printers that have their configuration pages available via the Internet.
InformationWeek is surveying IT executives on global IT strategies. Upon completion of our survey, you will be eligible to enter a drawing to receive an Apple 32-GB iPad mini. Take our

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
HP Disputes Printer Security Vulnerabilities