The leaks were found by researchers from security company F-Secure. HP has two lists prepared with all affected models. HP was notified by the researchers in April, and the leaks will be fixed in the most recent updates for printers. Users are strongly advised to install those updates as soon as possible.
The leaks allow data to be read from the printer itself. It is also possible to access the user’s network via the printer. It is unknown if the leaks have been exploited yet. Multifunction printers with their own memory are specifically mentioned: such printers could, for example, still have a digital copy of a scanned passport or other sensitive document.
–
–
Attacks possible, but technically complicated
The vulnerabilities enable two types of attacks: remote and physical access to the device. However, both types of attack are complicated, according to the researchers, so a wave of cyber attacks is not expected. There is, however, the danger that the leaks can be misused for a worm virus, which can spread independently among printers without the latest update.
According to F-Secure, printers from other brands may also contain such leaks, but the investigation was limited to printers from HP.
–
–