Information Security Update: HP Network Printer Vulnerabilities

Information Security Update: New HP Network Printer Vulnerabilities

Information Security at FireOak StrategiesJune 17, 2017

Many models of HP networked printers include a flaw which allow an attacker to compromise a printer’s embedded network controller and install a persistent backdoor.  Once infected, such a device can be used to launch attacks inside of your network, including intercepting local LAN traffic, exfiltrating confidential data, or attacking other hosts. This is particularly worrisome, as networked printers are often installed in high-value network segments. The HP printer vulnerability was announced in April, but over the past few weeks, exploit code has been made publicly available, and such devices will be subject to an accelerated rate of attack and exploitation.

More details about the vulnerabilities associated with networked printers, along with tips for securing your environment, are available here:

About the Author

Eric Smith is the Chief Technologist at FireOak Strategies. Eric and the team are dedicated to helping CIOs walk the tightrope between security and sharing. Printers are, without a doubt, Eric's least-favorite class of Internet-of-Things (IoT) devices.