HP printers can be used as malicious files storage

Hackers could be using your corporate printer to keep a stash of malicious or illegal files, a security researcher warns.

Chris Vickery, a security researcher who recently discovered a large US voters database sitting in the open, now warns that HP LaserJet printers can be used as a storage unit.

Without any bells or whistles, if a hacker decides to use it it's very hard to notice.

In fact, the only way to notice is if a system admin checks the log files for incoming and outgoing printer traffic, but Vickery believes few admins really do.

"This kind of printer is usually powered up and online twenty-four hours a day. Even in sleep mode it will still host files," Vickery explained. "And who checks the contents of their printer’s hard drive? What are the odds of this hacker’s secret stash ever being discovered? Pretty low if you ask me."

"Then you also have to consider that any organization leaving their printers exposed to the internet probably doesn’t have the greatest, if any, logging system in place. The chances of being caught are extremely low for the malicious actor.”

Any files that get uploaded to the printer can be accessed at http:// [Printer_IP_Address] /hp/device/ [File_Name], with operations being handled via port 9100.

Vickery concludes his research by saying that, if you have a Hewlett-Packard printer, you should make sure that port 9100 is closed. He also advises everyone to keep printers behind firewalls.

Update: HP used the report to announce three new enterprise class LaserJet printers, which will come with increased security. The embedded security features include:

  • HP Sure Start - detects malicious BIOS attacks and allows self-healing.
  • Whitelisting firmware, making sure only known firmware can be loaded and executed
  • Run-time Intrusion Detection - a new feature that allows in-device memory monitoring

Going forward, these new features will be standard on new HP LaserJet Enterprise printers and OfficeJet Enterprise X printers with PageWide Technology. HP said that these features can be enabled on "several" HP LaserJet Enterprise printers launched in April 2015.

"In addition, two of the features, whitelisting and Run-time Intrusion Detection, can be added to many existing HP LaserJet Enterprise and OfficeJet Enterprise X printers with Pagewide Technology launched since 2011 through an HP FutureSmart service pack update," HP said.