News19,135 Articles

February 9, 2009

HP printer owners exposed by web hack

Flaw lets scammers access printed documents

Gregg Keizer

HP printer owners are being urged to update firmware in a bid to ensure hackers can't get access to documents previously printed from the device.

HP said that users of certain LaserJet, Color LaserJet and Digital Sender models are affected, and urged them to immediately download and install firmware upgrades.

The devices include 10 different LaserJet models - ranging from the 2410 to the 9050 - two Color LaserJet models and the 9200C Digital Sender, a sheet-fed document scanner.

According to Digital Defense, the security company that reported the problem to HP last October, attackers can exploit a bug in the printers' web-based control interface to "read arbitrary system configuration files, cached documents, etc".

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

Exploiting the vulnerability, the Digital Defense researchers said, is "trivial" with common web server "directory traversal" tactics. A directory transversal attack is an HTTP-based exploit that lets attackers access restricted directories, and execute commands outside of the server's root directory.

Adrien de Beaupre, an analyst with the SANS Institute 's Internet Storm Center (ISC), agreed the importance of patching printers. "The impact might not seem severe, as in the attacker can view the printer configuration; however, viewing cached versions of printed documents Can be," he said in an alert on the ISC site.

Other than patching, the only other defensive measure available is to disable access to the printers' online control interface, de Beaupre added.

HP listed the affected printers in a security bulletin, which also included instructions on how to download the firmware update.

Computerworld

See also: HP won't sell Mini 1000 Linux netbook in UK

Free whitepaper: Phishing for victims - Truth, myth and cybercrime

<<newer story | back to index | older story>>

What is this?

Subscribe to PC Advisor now and claim your FREE gift

Keep up to date by adding PC Advisor News to your iGoogle home page or Google Reader


Question of the day!

Does your smartphone replace your need for a laptop when on the move?

Question of the day!

Does your smartphone replace your need for a laptop when on the move?

% of PC Advisor readers agree with you

Yes
TBC
No
TBC

What tasks can your smartphone do that would have traditionally been done on a laptop?

119 characters remaining

Follow the conversation at @SmartphoneFocus

web browsing, search facilities, voip, email, word processing everything RT @Graham_D_C

Mainly email but getting better at spreadsheets etc, RT @IDGdan
Google


Recent reviews

Reviews index


Latest reader comments

Latest reader comments


Top news

News index


Latest blog entries

Blogs index


 Our RSS feeds

Sponsored Content

  • Take the internet to new places with the Nokia N800
    Communicate how you want to, where you want to with instant messaging, email and internet calling. View movies, browse the internet wirelessly and watch TV on the high-resolution screen and listen through high-quality stereo speakers with headphone jack.
    Buy now