Linked by Howard Fosdick on Sat 31st Dec 2011 07:57 UTC
Bugs & Viruses: Columbia University researchers claim millions of HP printers could be open to remote attack via unsecured Remote Firmware Updates. Cybercriminals could steal personal information or attack otherwise secure networks. HP agrees there is a theoretical security problem but says no customer has ever reported unauthorized printer access. The company denies some of the claims and is still investigating others.
Thread beginning with comment 501815
I spotted this a few months ago...
by rklrkl on Sun 1st Jan 2012 10:35 UTC
rklrkl (member since 2005-07-06)

I submitted a posting to Slashdot a few months back that basically got ignored - HP printers have a Web interface on them that many places (especially academic institutions it seems) actually put on the *public internet* with no password protection or anything!

There is a simple Google search that scarily finds literally millions of them all around the world. Whilst the Web interface doesn't let you erase firmware, you can certainly change the printer config, print test pages etc.

BTW, how many people ever upgrade the firmware on their laser printer? Probably a tiny percentage I suspect, so HP's release of a firmware fix (which probably won't solve the issue of many HP printers being publicly available on the Net without a password) will probably help with new models purchased and not existing ones already out there.

Edited 2012-01-01 10:40 UTC

Score: 4

Gestahlt (member since 2011-10-17)

It's scary how many people, especially some overpaid administrators, are not aware of that.

You can find even more devices like Beamers, Cams, NAS and so on. You just have to google for a sentence in the web interface or any other distinguishable stuff and you find boatloads of devices with public IPs... and even default user/pass settings.

A lot of devices can even be accessed via telnet or SSH. Depending on the kind of device, you've got your entry point to their local network and can wreak havoc.

Score: 2