Linked by Howard Fosdick on Sat 31st Dec 2011 07:57 UTC
Bugs & Viruses Columbia University researchers claim millions of HP printers could be open to remote attack via unsecured Remote Firmware Updates. Cybercriminals could steal personal information or attack otherwise secure networks. HP agrees there is a theoretical security problem but says no customer has ever reported unauthorized printer access. The company denies some of the claims and is still investigating others.
Thread beginning with comment 501775
To read all comments associated with this story, please click here.
PJL Issues
by Gestahlt on Sat 31st Dec 2011 14:36 UTC
Gestahlt
Member since:
2011-10-17

We at our company do a lot of security on HP devices. We had a few customers suffering from HP Printer exploits. Mostly they were misused as fileservers which can easily exploided by PJL. Older MFPs were suffering most of it since they also had a relatively large HDD (40-80GB).

The PJL exploits are also rather easy to do, and you cant really say its an exploid since its pretty well documented how you upload files and execute commands (except for the ASCIIHEX commands where you can do Printer internal stuff like engine commands, resetting counters and so on)

The first thing you should do is to disable PJL command execution. There are rarely cases you ever need that. There is 3rd Party software that relies on PJL to count printed pages or tray selection but then again you have to tell the devs that they should please refrain from using PJL and using SNMP and PCL instead.

Also this is not an HP only issue. There are a lot of other devices where you can do this kind of exploiting and executing code. Certain Beamers for an instance or also some cheap NAS devices (which can actually be more dangerous since you often have a full Linux shell beneath it). Without proper network security you are at your own fault anyway.

Reply Score: 4

RE: PJL Issues
by Lennie on Sat 31st Dec 2011 16:11 in reply to "PJL Issues"
Lennie Member since:
2007-09-22

Funny you should mention SNMP as a workaround.

Because that was mentioned in a video I posted above as a really easy way to break into those printers if I'm not mistaken:

http://www.youtube.com/watch?v=MPhisPLwm2A

Reply Parent Score: 4

RE[2]: PJL Issues
by Gestahlt on Sun 1st Jan 2012 12:05 in reply to "RE: PJL Issues"
Gestahlt Member since:
2011-10-17

Ha! You are right. You can execute PJL code via SNMP. With SNMPv3 we also got some nice security features but most printers have only v2 and for older MFP models only v1.

Reply Parent Score: 2

RE: report exploits to HP please!
by kateline on Sun 1st Jan 2012 20:45 in reply to "PJL Issues"
kateline Member since:
2011-05-19

Tell your customers to report their HP printer incidents to HP! HP is publicly saying that no customer has ever reported a successful exploit against their printers (as per the posting and referenced article). They need to hear otherwise if this is not the case.

Reply Parent Score: 2

Gestahlt Member since:
2011-10-17

This is known to HP and customers have reported it...

Reply Parent Score: 1