Your Network Printer Can Be Hacked

[tim.vangehugten]

This might be helpfull and a warning to all network printers...

Beware: Your Network Printer Can Be Hacked

By David Strom

2008-06-02

The Strominator doesn't want you to live in fear, but this security hacking issue could wreak havoc in your network.

I am not sure I should be telling you this, but your network is a sitting duck for a break-in that is both so elegant and potentially

dangerous.

All you need is your Web browser and some basic knowledge, and while I

put a few things together in this column, it didn’t take me more than

a few minutes of research to do it. This exploit can easily pass through

your firewalls. It can get around your most sophisticated intrusion

prevention systems, and once someone is inside your network, they can

operate in full view of everyone, avoiding the scrutiny of even the

savviest network administrator.

How so, you might ask? Go to Google and type (or copy and paste) in the following text in the search field, and you’ll see an example of what I am talking

about:

inurl:hp/device/this.LCDispatcher

What is going on here? Simple.

Your print servers (among other devices that are connected to your network) have built-in Web and other server that can be used to launch an attack on your network. Many of these print servers have been long forgotten about by anyone in IT. They operate from a position of trust inside your network. They have to;

Otherwise, no one would get anything printed out.

And if you click on any of the retrieved pages in our search above, you will be

transported instantly to print servers that are sitting ducks for

hackers to take over. I managed to connect to ones in China and Germany,

and saw that some needed toner or paper, for example.

Yes, it will take a bit more work to install some rogue application, and

yes, just Googling them isn’t really an exploit. But you should have

felt a chill up your back as I did when I first started thinking about

this situation.

And print servers aren’t the only sitting ducks, just the easiest to

explain. How many other IP-connected devices are running on your network

that have been long since installed and forgotten about? Web cameras?

Industrial equipment? Fax servers? Scanners? These last two could be

even more trouble because they come with phone lines to the outside

world that a hacker could use for further exploits.

As the number of these networked devices increases, the situation is

only going to get worse. So what can you do to stop these sorts of

attacks?

First off, take the time to locate all these forgotten

servers. Do a regular scan of what active IPs are out on your network,

and see if you can associate all of them with known users. Start doing

the research on the unrecognized IP addresses.

Second, scan for traffic on port 9100. This is often the port used by

print servers, and it is an easy way to track down the servers that you

have forgotten. Finally, take some time to read through this

documentation from HP (if you have HP servers) or something similar from

your vendor:

http://h20000.www2.hp.com/bizsupport/TechS....jsp?objectID=b

pj05999

Do you have additional comments on this? I would love to hear from

you. Please post your suggestions, and I will share them.

source: http://www.baselinemag.com/c/a/Security/Be...-Can-Be-Hacked/

[Sparda]

Who is silly enough to allow there printer to have a Internet IP address?

[digip]

Who is silly enough to allow there printer to have a Internet IP address?

Most corporate printers have their own nic and ip address but some (like the HP printers) have complete login capabilities similar to a router. It's just a matter of scanning a network for the devices and trying to login to them.

Saw this article about a month ago: http://isc.sans.org/diary.html?storyid=4453

One thing to note, some of these routers have failover dial up capabilities, and from what I have seen at work, you get blocked when tyring to telnet or http in, but when dialed into with a modem over normal phone lines, they often just put you directly into a command prompt. Not only are Cisco routers and HP Printers vulnerable, but ATM machines are often not configured properly, so it's just a matter of finding the machines phone number, and it not being secured properly, which happens more often than you would think.

[Razor512]

pretty bad security flaw

someone could use superpi and generate pi to 32 million places then print it out over night over and over

[digip]

pretty bad security flaw

someone could use superpi and generate pi to 32 million places then print it out over night over and over

Or bounce through a trusted service to steal information from a company.

[Sparda]

Not only can a printer be an attack vector on to a network (if you are thick enough to let it have a Internet IP address). If someone is able to upload their own firmware, there is no reason they couldn't have the printer email them every document it prints. How much useful information comes out of your printer every week?

[webjockey]

How much useful information comes out of your printer every week?

None

Some security cameras have this feature of an internet IP address. There is even one for a camera overlooking an airport in germany. And also, theres one in Perth, Australia which you can actually control from the WebUI (Pan Left/Right Up/Down, Zoom in/out).

[Razor512]

None

Some security cameras have this feature of an internet IP address. There is even one for a camera overlooking an airport in germany. And also, theres one in Perth, Australia which you can actually control from the WebUI (Pan Left/Right Up/Down, Zoom in/out).

yep there hundreds of them, there fun to look at when your bored :)

http://69.229.56.161/top/liveapplet.html

and if you google around, you will find many in peoples houses that you can control, you will mainly just see people eating or watching tv so it's pretty boring

[beakmyn]

http://www.irongeek.com/i.php?page=securit...kprinterhacking

Yep, nothing new but can be fun, just like some people I know who like to print to random wireless printers they find

[K1u]

Haha... this reminded of http://www.crn.com.au/News/32515,sophos-di...ting-virus.aspx

[Razor512]

if the printer has enough memory, you can download the pi file used to break a record by getting pie to almost 5 billion decimal places

(imagine printing that out )

i wonder if there will ever be a fix for this security flaw

[Sparda]

i wonder if there will ever be a fix for this security flaw

You might have already herd of it, it's a strange word, so I'll brake it up in to smaller pieces. fire (as in burning) wall (as in garden).

[metatron]

if the printer has enough memory, you can download the pi file used to break a record by getting pie to almost 5 billion decimal places

(imagine printing that out )

i wonder if there will ever be a fix for this security flaw

It was never a security flaw, its a feature. The issue is that the world is filled to many Windows admin that have no idea about securing network equipment. The only thing they are certified in, is as about as useful as a second ass hole.

This "flaw" if you will is very, very, very, very....old.

[Sparda]

It was never a security flaw, its a feature. The issue is that the world is filled to many Windows admin that have no idea about securing network equipment. The only thing they are certified in, is as about as useful as a second ass hole.

This "flaw" if you will is very, very, very, very....old.

I'll add that to the list of reasons MSCE's are worthless.

[MRGRIM]

Hummmm MCSE is not a Cisco certification so securing your network is not the same as hardening a server now is it? :P

Again - why would you give you printers access to the web? I can't find a single reason?

[Sparda]

Hummmm MCSE is not a Cisco certification so securing your network is not the same as hardening a server now is it? :P

Again - why would you give you printers access to the web? I can't find a single reason?

Who is silly enough to allow there printer to have a Internet IP address?

A guy with a MSCE doesn't nessaserily know to look for it, they will just plug it in reguardless.

[MRGRIM]

Well exactly that's kind of my point... I'm working toward my MCSE, but I don't claim for a second to know much about networking, I mean ok I've got the basics and can trouble shoot, but thats what we have Network Admins for? I am a big beliver about having specalists do what they are good at... I wouldn't hire a MCSE to monitor my linux network or network security ;) but then again I've "blagged" my skills at an invterview so there might be some validity to your claims :D

[metatron]

Well exactly that's kind of my point... I'm working toward my MCSE, but I don't claim for a second to know much about networking, I mean ok I've got the basics and can trouble shoot, but thats what we have Network Admins for? I am a big beliver about having specalists do what they are good at... I wouldn't hire a MCSE to monitor my linux network or network security ;) but then again I've "blagged" my skills at an invterview so there might be some validity to your claims :D

Anything other than a large company tend to have a small IT team. On average I've noticed you get around 3 people to every 3 to 4 hundred computers. They tend to hire people with MCSE's and expect them to know enough to handle all their network needs, after all management think it's just an Windows network, they don't think about other things.

The reason you have a printer which can be remotely accessed is to make it easier to deploy to remote/small offices and other buildings where you would maybe not want to have to pay/spend time sending your IT staff to.

[manuel]

The point I think that needs to be addressed, is regardless if you are MSCE, CISCO, or other certification, if you are adding devices to a network of any sort, you had better be looking at the bigger picture of overall security.

Hell I'm only officially A+ Certified, but overall security of network devices is a concern for me.

As Metatron stated, who in the hell would put a printer on a public IP address without securing it better? I know I wouldn't regardless of who wanted to print from out of the office.

that's my 2 cents worth

-Manuel

[Justin Ewing]

Networked printers listen on a permanently open port (port 9100) and without authentication. Printers are fundamentally insecure, a factor that makes possible attacks far from difficult.

[webjockey]

Thats another thing I can use against printers, they are my mortal enemy, they never work when I want them to.

[Razor512]

Thats another thing I can use against printers, they are my mortal enemy, they never work when I want them to.

depends on the printer:)

whats really weird is that when searching google, i saw some extremely expensive printers open to this flaw, someone could kill like $300 worth of ink in one night if they print out a a few thousand page long color sheet showing using the full CMYK

just hope ad companies don't start exploiting this, it will be even worst than the cellphone telemarketing calls i had one of those before i could register for the do not call list

(just wish the government could do a do not spam list that will target spammers who fill peoples junk mail folders, using the full force of the military to track them down and test out if a spammer and a few thousand bullets can occupy the same space :). war on spammers is a much more noble cause than war on Iraq, and best of all, there will be far less casualties since our military is sure to have more firepower than the spammers. If it is successful in the US then with luck, other countries will join in and with the combine force of every army on the planet, junk email will be almost nonexistent)

[Sparda]

just hope ad companies don't start exploiting this, it will be even worst than the cellphone telemarketing calls i had one of those before i could register for the do not call list

Windows messenger but far far worse?

[proskater123]

Someone mentioned email alerts? well they already have them built in

http://128.61.51.24/hp/device/this.LCDispa...=hp.EmailServer