HP Printer Flaw Enables Remote Attacks, Data Access

The telnet debug shell flaw impacts 10 LaserJet Pro printers, according to the HP Software Security Response Team, which issued an advisory last week.

Christoph von Wittich, a security expert based in Germany, was credited with detecting the flaw. Wittich said he detected the vulnerability during a routine network scan of his company's corporate network.

[Related: Apple Vs. Android: Which Smartphone Platform Is Safer? ]

"The printers had a telnet port open which I did not expect to be open," he told CRN. "I tried to connect to the port with a telnet client and I got a debug shell which allows you to disable SSL communication to the HP ePrint Cloud servers and shows the passwords for the HP Cloud server connection in plain text."

Wittich said the vulnerability could also be used for a denial-of-service attack. "As long as the printer is not connected to the Internet, this vulnerability should not cause much trouble for the end user," he said.

Impacted printers identified by HP include HP LaserJet Pro models P1102w, P1606dn, M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, M1218nfs, M1219nf and CP1025nw. Users can download the updated firmware by going to the HP support site and clicking on the Drivers & Software page and then searching for the appropriate printer model number.

The United States Computer Emergency Readiness Team (US-CERT) issued an advisory about the HP vulnerability Monday. US-CERT warned that remotely accessing the telnet debug shell can gain anyone unauthorized access to data.

In recent years, security experts have warned about the increased risk of an attack on Internet-enabled devices, including printers, scanners and fax machines. HP LaserJet printers contained a high-profile vulnerability in 2011 that some experts said could be used by remote attackers to set the devices on fire. The company dismissed those claims, but issued a security update addressing the printer flaw.

Last year, US-CERT warned about a Samsung printer flaw that could give an attacker access to the device configuration, network information, user credentials and information passed through the printer.

The growing attack surface on embedded devices can be used to stage a more serious attack or to leapfrog to more sensitive systems. HD Moore, the creator of the Metasploit penetration tool and chief security officer of Rapid7, found millions of Internet-enabled devices containing weaknesses that could be remotely exploited during a six-month scan of the Internet he conducted last year. Many of the errors are categorized as universal plug-and-play weaknesses that have been well known for years.

PUBLISHED MARCH 11, 2013