A cyber security expert has unearthed a flaw in HP's Photosmart and Officejet printers that come with a WebScan feature, one that allows anyone to remotely scan a document through a web browser.
The flaw allows anyone on the LAN network to remotely connect to the scanner to retrieve any document that has been left in the scanner. Most HP printers and scanners come with HP WebScan, which is a web based server embedded in the devices to allow remote scanning and administrative functions.
The feature, which is activated by default on every HP all-in-one device, allows anyone to perform a remote scan of a document left on the scanner. As everything is web based, a perpetrator can retrieve other scanned documents by simply guessing their URL, which is fairly easy.
Michael Sutton, vice president for security research at Zscaler, the firm which reported the flaw, explained that this can not only be exploited by a rogue employee in an organisation but also people on the outside, with access to the internet and a web browser.