HP printers have security flaws that could lead to serious hacks
Palo Alto, California - Serious security vulnerabilities have been found in more than 150 multifunction printer models produced by market leader HP, according to the Finnish security company that discovered them.
Attackers could use the vulnerabilities to gain control of unprotected printers and steal information, the data security company F-Secure announced on Tuesday. In extreme cases, entire networks could potentially be hacked and enormous damage done, it said.
HP could not be reached for comment on Tuesday, though according to F-Secure, the US tech giant has already published software updates to close gaps in the current security.
Multifunction printers, which combine printers with scanners among other things, are mainly used in large offices, though some affected models are also commonly found in private households.
The HP devices in question risk being hacked using manipulated font files containing malicious code. Once the devices are successfully hacked, attackers would be able to steal all the data running through it or temporarily stored on it.
"This includes not only documents that are printed, scanned or faxed, but also sensitive information such as passwords and access data with which the device is connected to the rest of the network," F-Secure warned.
F-Secure contacted HP in the spring to alert the company of its findings. The two companies then worked together to eliminate the vulnerabilities.
HP has now published firmware updates and security advisories for the affected devices. However, these must now be installed by IT administrators across the board in order to avoid cyberattacks.
Cover photo: Collage: IMAGO / Eckehard Schulz & 123RF/faysalfarhan