Updated 3/23/2022.

Last week, Steve Gibson of Security Now discussed an issue that has, to some degree, flown under the radar.

It was first discovered and reported in April. One printer was found vulnerable to security threats, followed by at least 150 other models, with even more under threat. Although a firmware update has been available since the beginning of November, the issue still remains active and worrisome. If this is your first time reading about it, update your device’s firmware now.

Why? Because there’s no auto-update function for printers. The bug can sit there, working away, for unknown amounts of time. Users typically set up their printer and then leave it. Additionally, “The vulnerabilities have had too wide an impact, too high damage, and difficulty in repairing HP until now.” Again–it’s time to update your firmware!

What exactly is the issue?

Well, there are two issues. One has a CVSS rating of 9.3, and an attack timeframe of only a few seconds. The rating is so high (10 being the highest) because of how simply and quickly the attack can occur. All it takes is one employee going on a website with a bad advertisement, and the next thing you know, your whole network is compromised. Thankfully, the other issue requires physical access and takes up to five minutes to execute.

The first is tracked as CVE-2021-39238. This can be tripped via an attack on Internet-exposed devices (think printers with the scan-to-email option) or via exploitative code on a website or malicious ad (known as malvertising). Simply printing a specific page can trigger the attack, taking over the printer. From there, exploits can self-replicate and spread to other HP printers within the same internal network or via the Internet. Through this attack, hackers can steal data or create botnets.

To prevent malvertising, look into installing uBlock on your machine. It is a free browser extension for content filtering and ad blocking.

The second is tracked as CVE-2021-39237. This attack uses a local physical USB port, impacting the printer’s communication board. For example, it could be triggered via printing something off a USB plugged into the printer. Thankfully, due to the need to be physically present and longer execution time, this issue is much less severe.

These attacks give hackers the ability to steal personal info and the login credentials used to connect the printer to the network, escalate their privileges to the system level, and make the printer a launchpad to infect other devices on the network with malware.

Because our outsourced IT team supports hundreds of individuals across many companies, there is a multitude of printers that need assistance. For now, we will be taking Internet capabilities off their printers. Although this will inhibit some of the printer’s abilities, it’ll be a surefire way to quickly secure those devices. Additionally, we don’t want to charge our IT support clients repetitive and costly billable time!

With the first issue only requiring Internet-exposed devices, our worry is that this type of attack will continue on with the IoT (Internet of Things). This could happen to any smart device, from home appliances to factory equipment. That’s why it’s as important as ever to keep your devices on auto-update, connect to them through private WiFi networks and utilize 2FA and MFA every chance you get. That way, even if a bad guy gets through one door, they won’t be able to get through the next.

March 2022 Update

Hundreds of HP printers across the LaserJet Pro, PageWide Pro, OfficeJet, Enterprise, Large Format, and DeskJet lines are vulnerable to remote code execution, information disclosure, and denial of service. What’s this all mean? RCE is a type of cyberattack where the malicious actor can remotely take over someone else’s device or computer. Information disclosure simply means the exposure of sensitive data not meant for the hacker’s eyes. Denial of service is just that–hackers can shut down the device, in this case, a printer, so it’s inaccessible to the users. What should you do? Update your firmware to account for security updates, “place the devices behind a network firewall, and impose remote access restriction policies.”

If you’re worried and unsure about your printer’s security, let’s chat. Give Bill a call at 302-529-3700 and we can get you squared away.