
How to exploit a printer’s vulnerabilities to use it as an anonymous FTP server

Most people are still unaware of it, but information held on peripheral devices (mainly scanners and printers) can be accessed over the Internet. That sounds bad, and it gets worse: exploiting this access through open ports does not even require advanced hacking or information security knowledge.

The main targets of these attacks are HP devices, present in millions of home, business, and government environments. For any user who knows where to look, it is incredibly easy to find open source software for loading files onto, and interacting with, the hard drives of an HP printer using port 9100. In most cases, an attacker only has to upload a file to the printer and then request http://<Printer_IP_Address>/hp/device/<File_Name> from any web browser to access it.

This is a serious information security issue, as exploiting this port can enable many other malicious activities, such as injecting malicious scripts into the printer, which could serve as the initial stage of an attack. In addition, printers can be used as repositories to host malicious, even illicit, content beyond the reach of any legitimate user or law enforcement agency.

There are two main reasons why hackers turn to such devices. First, printers are kept powered on and online almost permanently, so they continue to host content even in sleep or power-saving mode.

The second reason is carelessness or lack of interest on the part of the administrators of these devices: they rarely stop to review what content is hosted on the printers' storage units, and no one bothers to enable sign-in for access to these devices.

While public disclosure of vulnerabilities for which there are no fixes is a risky practice, the community of computer security experts considers it a completely valid way to make all users aware of the risks these devices expose them to, which could ultimately lead them to adopt a proactive stance toward cybersecurity threats.

In the particular case of HP printers, users can also verify that port 9100 is disabled on their device, which prevents remote access.
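
One way to run that check across the printers you administer, as an added example that is not part of the original article. The function names, device names and addresses are hypothetical; the addresses come from a documentation-only range and must be replaced with your own inventory.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

RAW_PRINT_PORT = 9100  # the port named in the article


def probe(host, port=RAW_PRINT_PORT, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service is exposed
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset: port disabled
    except OSError:
        return "unreachable"       # timeout, no route, DNS failure, filtered


def audit(inventory, port=RAW_PRINT_PORT, timeout=2.0, workers=16):
    """Probe each (name, host) pair concurrently; return {name: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda item: probe(item[1], port, timeout), inventory))
    return {name: state for (name, _), state in zip(inventory, states)}


def exposed(report):
    """Names of devices that still accept connections on the audited port."""
    return sorted(name for name, state in report.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory: hypothetical names, documentation-range addresses.
    inventory = [("printer-floor1", "192.0.2.10"), ("printer-floor2", "192.0.2.11")]
    report = audit(inventory, timeout=1.0)
    for name, state in sorted(report.items()):
        print(f"{name}: port {RAW_PRINT_PORT} {state}")
    print("still exposed:", exposed(report) or "none")
```

An "unreachable" result only describes the path from the machine running the audit, so repeat it from each network segment that should not be able to reach the printers.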
