Are Hackers Keeping a Hidden Stash on Your HP Printer's Hard Drive?

How to exploit a printer’s vulnerabilities to use it as an anonymous FTP server

Most people still ignore it, but information from peripheral devices (mainly scanners and printers) can be accessed over the Internet. It sounds very bad, and can get even worse, as it doesn’t even require advanced hacking and information security knowledge to exploit this access via ports.

The main targets of these attacks are HP devices, present in millions of home, business, and government environments. For any user who knows where to look, it’s incredibly easy to find some open source software to load and interact with the hard drives of an HP printer using port 9100. In most cases, hackers should only upload a file to the printer and then look for http://<Printer_IP_Address>/hp/device/<File_Name> from any web browser to access. 

This is a serious information security issue, as exploiting this port can deploy many other malicious activities, such as injecting malicious scripts into the printer, which could function as an initial attack stage. In addition, printers can be used as repositories to host malicious, even illicit, content beyond the reach of any legitimate user or law enforcement agency.

There are two main reasons why hackers turn to such devices. First, it is necessary to remember that printers are kept on and online almost permanently, so they continue to host content even in sleep or power-saving mode.

The second reason is the carelessness or little interest of the administrators of these computers, because there are really few times when they stop to review what content is hosted on the storage units on the printers, not forgetting that no one takes the enable sign-in to access these devices.

While public disclosure of vulnerabilities for which there are no fixes is a risky practice, the community of computer security experts considers this to be a completely valid measure for all users to be aware of the risks to which they are exposed due to these devices, which could ultimately result in the adoption of a proactive stance in the face of cybersecurity threats.

In the particular case of HP printers, users could also verify that their device has port 9100 disabled, preventing remote access.