Beware: Your Network Printer Can Be Hacked

By David Strom  |  Posted 2008-06-02 Email Print this article Print
 
 
 
 
 
 
 

The Strominator doesn't want you to live in fear, but this security hacking issue could wreak havoc in your network.

I am not sure I should be telling you this, but your network is a sitting duck for a break-in that is both so elegant and potentially
dangerous.
 
All you need is your Web browser and some basic knowledge, and while I
put a few things together in this column, it didn’t take me more than
a few minutes of research to do it. This exploit can easily pass through
your firewalls. It can get around your most sophisticated intrusion
prevention systems, and once someone is inside your network, they can
operate in full view of everyone, avoiding the scrutiny of even the
savviest network administrator.
 
How so, you might ask? Go to Google and type (or copy and paste) in the following text in the search field, and you’ll see an example of what I am talking
about:
 
inurl:hp/device/this.LCDispatcher
 
What is going on here? Simple.

Your print servers (among other devices that are connected to your network) have built-in Web and other server that can be used to launch an attack on your network. Many of these print servers have been long forgotten about by anyone in IT. They operate from a position of trust inside your network. They have to;
Otherwise, no one would get anything printed out.

And if you click on any of the retrieved pages in our search above, you will be
transported instantly to print servers that are sitting ducks for
hackers to take over. I managed to connect to ones in China and Germany,
and saw that some needed toner or paper, for example.
 
Yes, it will take a bit more work to install some rogue application, and
yes, just Googling them isn’t really an exploit. But you should have
felt a chill up your back as I did when I first started thinking about
this situation.
 
And print servers aren’t the only sitting ducks, just the easiest to
explain. How many other IP-connected devices are running on your network
that have been long since installed and forgotten about? Web cameras?
Industrial equipment? Fax servers? Scanners? These last two could be
even more trouble because they come with phone lines to the outside
world that a hacker could use for further exploits.
 
As the number of these networked devices increases, the situation is
only going to get worse. So what can you do to stop these sorts of
attacks?

First off, take the time to locate all these forgotten
servers. Do a regular scan of what active IPs are out on your network,
and see if you can associate all of them with known users. Start doing
the research on the unrecognized IP addresses.
 
Second, scan for traffic on port 9100. This is often the port used by
print servers, and it is an easy way to track down the servers that you
have forgotten. Finally, take some time to read through this
documentation from HP (if you have HP servers) or something similar from
your vendor:
 
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=b
pj05999

 
Do you have additional comments on this? I would love to hear from
you. Please post your suggestions, and I will share them.



 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters



















 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date