Above 150 Multifunction printer fashions from the world market chief HP could be attacked through manipulated font recordsdata that comprise malicious code.
Attackers might use the vulnerabilities to realize management of unprotected printers and steal info, the Finnish safety firm F-Safe introduced on Tuesday. Within the worst case, the networks could possibly be infiltrated in such a approach that additional injury could possibly be triggered.
HP couldn’t be reached on Tuesday for a remark. Based on F-Safe, the US group has now launched software program updates that may shut the safety gaps. Multifunction printers are primarily utilized in firms and organizations. Nonetheless, a few of the affected fashions are additionally more likely to be present in personal households.
The HP units could be attacked through manipulated font recordsdata that comprise malicious code. The attackers might attempt to trick their victims into visiting a malicious web site, which might mechanically set off a print command. The malicious font contained within the doc allows the attacker to execute further code on the printer.
In consequence, attackers might unnoticed steal all knowledge that’s working by the multifunction gadget (printer, scanner, fax) or is quickly saved on it. “This not solely contains paperwork which can be printed, scanned or faxed, but in addition delicate info equivalent to passwords and entry knowledge, through which the gadget is linked to the remainder of the community,” stated F-Safe.
Don't miss a factor: Subscribe to the t3n e-newsletter! 💌
Observe on the e-newsletter & knowledge safety
Attackers might additionally use the contaminated HP printer as a place to begin to penetrate additional into an organization's community. This might trigger further injury. In a cyber assault, for instance, knowledge could possibly be stolen or modified. Additionally it is attainable to put in encryption software program so as to have the ability to blackmail the victims.
Vulnerabilities recognized for a very long time
Based on the corporate, the researchers at F-Safe approached HP with their findings within the spring and labored along with the producer on eliminating the weaknesses. HP has now revealed firmware updates and security info for the affected units. Nonetheless, these should now be put in throughout the board by the IT directors with the intention to keep away from a wave of cyber assaults.
The Federal Workplace for Info Safety (BSI) acknowledged that the authority didn’t but have any additional technical info. It’s going to due to this fact take some time earlier than the BSI could make a well-founded evaluation. dpa