Last week, Steve Gibson with Security Now, discussed an issue that has, to some degree, flew under the radar.

It was first discovered and reported on in April. One printer was found vulnerable to security threats, followed by at least 150 other models, with even more under threat. Although a firmware update has been available since the beginning of November, the issue still remains active and worrisome. If this is your first time reading about it, update your device's firmware now.

Why? Because there's no auto update function for printers. The bug can sit there, working away, for unknown amounts of time. Users typically set up their printer and then leave it. Additionally, "The vulnerabilities have had too wide an impact, too high damage, and difficulty in repairing HP until now." Again--it's time to update your firmware!

What exactly is the issue?

Well, there are two issues. One has a CVSS rating of 9.3, and an attack timeframe of only a few seconds. The rating is so high (10 being the highest) because of how simply and quickly the attack can occur. All it takes is one employee going on a website with a bad advertisement, and next thing you know, your whole network is compromised. Thankfully, the other issue requires physical access and takes up to five minutes to execute.

The first is tracked as CVE-2021-39238. This can be tripped via attack on Internet-exposed devices (think printers with the scan to email option) or via exploitative code on a website or malicious ad (known as malvertising). Simply printing a specific page can trigger the attack, taking over the printer. From there, exploits can self-replicate and spread to other HP printers within the same internal network or via the Internet.  Through this attack, hackers can steal data or create botnets.

To prevent malvertising, look into installing uBlock on your machine. It is a free browser extension for content-filtering and ad-blocking. To learn more, click here. 

The second is tracked as  CVE-2021-39237. This attack uses a local physical USB port, impacting the printer's communication board. For example, it could be triggered via printing something off a USB plugged into the printer. Thankfully, due to the need to be physically present and longer execution time, this issue is much less severe.

These attacks give hackers the ability to steal personal info, login credentials used to connect the printer to the network, escalate their privileges to system level, and makes the printer a launch pad to infect other devices on the network with malware.

Because our outsourced IT team support hundreds of individuals across many companies, there are therefore a multitude of printers that need assistance. For now, we will be taking Internet capabilities off their printers. Although this will inhibit some of the printer's abilities, it'll be a sure-fire way to quickly secure those devices. Additionally, we don't want to charge our IT support clients' repetitive and costly billable time!

With the first issue only requiring Internet-exposed devices, our worry is that this type of attack will continue on with the IOT (Internet of Things). This could happen to any smart device, from home appliances to factory equipment. That's why it's as important as ever to keep your devices on auto update, connect to them through private WiFi networks and utilize 2FA and MFA every chance you get. That way, even if a bad guy gets through one door, they won't be able to get through the next.

If you're worried and unsure about your printers' security, let's chat. Give Bill a call at 302-529-3700 and we can get you squared away.

headshot, owner, president, author, partners plus, IT company, IT services, SSD, recommendationBill Hogan is the Owner and President of Partners Plus. He has 40 years of experience in the technology industry, specifically IT support services. Bill has spoken at seminars all over the country about network management and published his latest book in 2018. Partners Plus was selected by PHL17 as the best Computer and Information Technology Support Company in the greater Philadelphia area in 2018.