11-29-2011 11:55 AM
Just in time for the Malware & Security Event, MSNBC reports that researchers at Columbia University claim to have "discovered a new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies." The flaw exists in HP printers, and perhaps others, and the researchers claim it could allow criminals to remotely control the printer with a list of horribles that could follow.
11-29-2011 05:29 PM
Hi grsamf and welcome to the Community,
Wow, that opens up a whole new nest of worms!
I was going to open a thread here about the security of print servers. I guess I don't have to now.
I'm out and about doing service calls all day and I use a repeater to connect to unsecured networks to check parts orders or to order parts while I'm on the road and I see Print server networks and ad-hoc networks that are unsecured.
I always wondered how secure these networks were for their owners. I suppose not very secure at all.
According to the article, the printer doesn't even have to be connected to the internet, if it is connected to my computer by usb and my computer is online, it's vulnerable.
I just unplugged all my printers.
11-30-2011 03:18 AM
Sophos has an update on this topic today:
If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
Microsoft MVP - Consumer Security
Member of Alliance of Security Analysis Professionals
11-30-2011 12:18 PM
HP Press Release: HP Refutes Inaccurate Claims; Clarifies on Printer Security
11-30-2011 02:53 PM
I plugged ONE back in.
11-30-2011 07:47 PM
I just read the MSNBC article and corresponding commentaries.
I find the concept of a printer being attacked from the public Internet to be rather strange. Most organizations have firewalls, and private internal networks to ensure that their computers cannot be accessed from the public Internet.
Why an organization would configure a printer so that it was Internet accessible is incomprehensible to met.
I think it is very likely that the printers the researchers discovered on the public Internet, were, in fact, public network segments that just happened to contain printers, in addition to computers and other intelligent devices. Although it is hard to conceive of computers having direct network connections these days in lieu of IPv4 scarcity, RFC-1918 and technologies like NAT, there may still be some agencies operating with publicly-routable connections on their "internal" networks.
I don't know how many of the 100,000,000 LaserJet printers Hewlett-Packard has sold are still operational and on the public Internet, the fact that the researchers claim to have identified 40,000 hosts means a potential damaged population of 0.0004%, I believe.
While I do not doubt that there is a workable attack here and that other networked devices may be affected, it seems premature to predict the potential for a pandemic based on the currently available information.