HP Printers Without Passwords Can Easily Be Hack Through Google SearchFebruary 1, 2013 No Comments
Australian IT news site, The Age, reported on January 29, 2013 how network-enabled HP printers that aren’t protected by any security passwords can easily be hacked through using Google Search. Surprising as it seems, Adam Howard showed in his blog Port3000 how he easily found about 86,800 possible results for publicly accessible printers just by using a “quick, well crafted Google search” as he had put it. And just with that, one can easily hacked and gain complete access on these HP printers, sending unwanted commands to the printers.
“There’s something interesting about being able to print to a random location around the world, with no idea of the consequence,” Howard wrote in his blog. “Lock down your printer. There are security concerns here, as many printer models have known exploits which can be used as an entry point to a private network.”
With his findings, Howard have shown how simple it is for hackers to control and manage these unprotected network-enabled printers, gaining important details like the level of ink or toner in their HP printer cartridges, the number of pages it had printed, and the title of these documents. “All it takes is one malicious script written by a clever hacker and you’ll be replacing the paper tray every five minutes, and using up the toner supplies faster than you’ve ever known,” stated Zack Whittaker in his ZDNet’s Zero Day blog. “Perhaps more worryingly, many of these printers do not have passwords enabled and can be directly accessed from outside their company’s firewall.”
In return, Hewlett-Packard said in a statement how the company encouraged its customers to protect their printers by placing firewalls, passwords and providing network credentials only to their trusted parties. “By following the HP recommended security features, printers should not be accessible to the public via the internet.”