Hewlett Packard (HP) is one of the most popular manufacturers of printers for the office and home office. Now, a Finnish IT security company has identified serious leaks in the US manufacturer’s devices. A total of over 150 printers be affected.
Multifunction printers affected
Which printer do you rely on? Should you own an HP, you are guaranteed not the only one. Along with Canon and Epson, the manufacturer is probably one of the most successful companies in the field of printer devices. However, owners of an HP printer must now fear for the security of their data. IT security experts from Finland (F-Secure) have discovered that many devices have serious vulnerabilities. According to the Finnish IT specialists, more than 15 multifunction printers are affected. The devices of the world market leader are said to represent an easy gateway for cybercriminals to gain access to sensitive user data. At worst, the attackers can gain access to the network.
Companies but also private individuals affected
For a successful company like HP, such an incident is truly disastrous. After all, the manufacturer has an extremely good reputation to lose. However, F-Secure has meanwhile announced that the tech company has already rolled out an update that is supposed to close data leaks. However, a quick reaction is also a real must for HP. After all, in the event of serious cyber attacks, the US company could face highly expensive claims for damages. When you consider that the multifunction printers are not only used in private households, but also in large companies, the danger becomes even clearer.
Attack via malicious codes
As part of its remarks, F-Secure also made clear what a potential attack could have looked like. For example, cyber criminals could have gained access using a manipulated font file. Code could have been implemented within the file that would have contained a virus or other malware. This would have made it easy to gain access to the data stored on the device. Since many devices are connected via WLAN, the network key, for example, would have been easily accessible. But other data would also have been visible, according to F-Secure:
“This includes not only documents that are printed, scanned or faxed, but also sensitive information such as passwords and credentials that connect the device to the rest of the network.”
Printers as a gateway
In the worst case, a kind of domino effect could have occurred. Here, the printer would have played the role of the first stone. Brick by brick, attackers could have penetrated deeper into the network and thus not only compromised every device. Accessing sensitive data stored on corporate servers would then also not have been a problem. The associated damage scenarios would have been a real nightmare for any private or legal entity. Blackmail could also have taken place. For example, it would be conceivable for the attackers to install software that encrypts sensitive data. Against payment of a considerable sum, these would then have been released again.
Collaboration between F-Secure and HP
For HP, the security leak is apparently not new. Rather, the experts from F-Secure had already approached the US company at the beginning of the year. They pointed out the problems to the company and together they found a way to close the gateway. The result can now be downloaded in the form of repairing security updates. Accordingly, companies and private individuals can only be advised to download the latest updates for their HP printers.
