Printers are essentially computers and as such they are susceptible to malicious attacks. The security risks are compounded when a printer is on the network and is accessible by many computers. HP printers are everywhere and there is a good chance you have one at the office or at home. In HP’s April Security Bulletin, they said a firmware update was coming for several HP model printers due to some vulnerabilities.
It wasn’t until recently, a group of individuals at Tenable were able to gain access a printer’s file system using primitive port scanning and transversal file path exploits. What does this mean? Why do you care? Well, having access to the printers file system allows the attacker to install additional functionalities that will provide insight to what devices are connecting to the computer, password retrieval and even access to the printer’s memory, which stores print jobs. Even though HP has released an update for affected printers, the update has to be applied manually as the ‘auto-update’ feature is off by default.
My recommendation? Make sure to run ‘Check for Updates’ on your HP software center to make sure you are on the most current firmware.
If you would like to read more about this vulnerability and what you can do to fix it, please click on the below links.