Infosecurity pros know that anything that connects to the Internet can be a security risk unless properly configured. This week they were reminded of that when a security researcher warned that business laser printers with hard drives have to be behind the corporate firewall or risk being used as anonymous FTP servers for hackers.
In particular, he warned administrators with Hewlett-Packard business printers to ensure port 9100 is plugged. Administrators with other networked business printers in their systems have to check the devices’ documentation to see which port is used and has to be secured.
“There are a few free, open source pieces of software that can be used to upload and interact with HP printer hard drives over port 9100,” Chris Vickery said in the blog. “A hacker can host malicious web pages and scripts on your printer and link it to potential victims. Maybe he needs to host an executable somewhere so it can later be served through a wget request. These printers are wonderful repositories. It doesn’t take much creativity to realize that even highly illegal materials could be stored this way.”
In an interview with SecurityWeek Vickery said a search with the Shodan search engine discovered 21,000 vulnerable HP printers on the Internet.
HP told the site its latest printers include security features such as HP Sure Start BIOS protection, Run-time Intrusion Detection and firmware whitelisting.
It also said the exposure can be prevented either by disabling the PostScript PJL/PS filesystem commands or using the more secure protocol IPPS (Internet Print Protocol over HTTPS) instead of Port 9100.
For more advice see the HP Printing Security Best Practices for HP LaserJet Enterprise Printers and HP Web Jetadmin. HP provides the JetAdvantage Security Manager for policy-based security management and WebJet Admin, a free tool that provides web based configuration for HP printers.