Beware of your HP printers. They are hackable.
Finland-based security consultancy F-Secure on Tuesday announced the discovery of vulnerabilities affecting more than 150 different HP multifunction printer (MFP) products. HP has since issued patches for these vulnerabilities, essentially improving the security of a significant portion of its MFP units.
Still, now might be a good time for businesses and consumers to reassess the security of their existing printers and consider actions to avoid hacking fallout. For those in need of new printers, the holiday shopping season might provide some good pricing deals.
Considering HP’s status as a leading provider of MFPs, with an estimated 40 percent of the hardware peripheral market, many companies throughout the globe are likely using vulnerable devices, according to the F-Secure report.
Attackers can exploit the vulnerabilities to seize control of devices, steal information, and further infiltrate networks to inflict other types of damage, according to F-Secure’s research.
F-Secure security consultants Timo Hirvonen and Alexander Bolshev discovered exposed physical access port vulnerabilities (CVE-2021-39237) and font parsing vulnerabilities (CVE-2021-39238) in HP’s MFP M725z — part of HP’s FutureSmart line of printers. Security advisories published by HP list over 150 different products affected by the vulnerabilities.
“It is easy to forget that modern MFPs are fully-functional computers that threat actors can compromise just like other workstations and endpoints. And just like other endpoints, attackers can leverage a compromised device to damage an organization’s infrastructure and operations,” according to Hirvonen.
Comments
Post a Comment