Printers, pre-dating IoT for lax security by many years!
Visiting a booby-trapped webpage could give attackers code execution privileges on HP network printers
Tricking users into visiting a malicious webpage could allow malicious people to compromise 150 models of HP multi-function printers, according to F-Secure researchers. The Finland-headquartered infosec firm said it had found "exploitable" flaws in the HP printers that allowed attackers to "seize control of vulnerable devices …
COMMENTS
-
Tuesday 30th November 2021 18:10 GMT Anonymous Coward
Malware or just a link to the firmware update site?
If you want to render your HP printer unusable because you used non-branded toner, or have it stop printing black and white because you've run out of magenta, or because the cartridges have "expired" then all you need do is go to the official HP support site and install the latest firmware.
Are the researchers really sure that installing the latest firmware is the best course of action when dealing with this new threat?
-
-
Wednesday 1st December 2021 23:24 GMT J. Cook
THis is known as a "damned if you do, damned if you don't" scenario.
the only proper fix is the throw the printer in the trash* and buy a new one, preferably a different brand that doesn't do that sort of nonsense. (or buy a second hand model that pre-dates said nonsense.)
* or do like the old 80's vintage tire commercial, and throw the broken printer through the corporate headquarter's shiny windows...
-
Thursday 2nd December 2021 01:12 GMT John Brown (no body)
"the only proper fix is the throw the printer in the trash* and buy a new one,"
Many of the HP MFPs out in the wild may be leased on a pay-per-print deal, which seems cheap up front but can get expensive long term. They will usually be "managed" by the lessor, who needs constant external access to your network, the MFPs need to "phone home" frequently to report on usage and order supplies etc. The organisation leasing them will have little control over firmware upgrades, that's the lessors problem. Except now it's also your problem. There's a great big hole in your network. (I would hope that the management interface is a box inside your network and the lessor managing the devices has to log in securely through that, but I bet that's not always the case.)
-
-
-
Tuesday 30th November 2021 21:45 GMT Bitsminer
Re: Malware or just a link to the firmware update site?
Pro-tip: When you run out of magenta, and printing is paused because "no colours remain", you can either (a) reboot or (b) find the Services app under Windows Administration, and restart the Print Spooler service. Printing should then begin.
There is probably a CMD-line incantation to restart the Print Spooler too.
Extra points for those who can explain why it's called a Spooler.
-
Wednesday 1st December 2021 12:56 GMT Licenced_Radio_Nerd
Re: Malware or just a link to the firmware update site?
net stop spooler
net start spooler
Of course, the above needs admin-rights on a Windows machine, and may need to be restarted on the device that is sharing the printer. Corporate environments will have a server sharing all of the in-office printers, so restarting the spooler service on your laptop/desktop will do little.
A fun issue is when spooler files (.spl) get stuck and you cannot print. You have to stop the service, dig into where they hide, delete them, then restart the spooler. I have had home-users state they will go and buy a new printer because they cannot print. A quick clear-out of stuck .spl files cures all!
"Spooler" is probably a hang-over from the days of dot-matrix and daisy-wheel printers which had a spool of ink infused ribbon. Or it was called that as a joke, and no-one bothered to change it...
-
Wednesday 1st December 2021 13:12 GMT Captain Scarlet
Re: Malware or just a link to the firmware update site?
Why not just turn off snmp pooling on the printer port (Uncheck "SNMP Status Enabled" on the port settings, been the same box since Windows 2k)?
Much simpler than restarting the print spooler service.
Also some applications still call printing spooling (Such as Sage Line 500)
-
Wednesday 12th January 2022 00:43 GMT cuthbertgraak
Re: Malware or just a link to the firmware update site?
"Spooler" is the term we use to refer to a utility that manages the "spool", and "spool" refers to the ancient (for computing) acronym S.P.O.O.L., meaning "Simultaneous Peripheral Operations On Line".
"Spool" is also a play on what a spooler does: it writes a stream of data that gets stored in a fifo buffer (like thread on a spool) to be read out later (unspooled) to a peripheral device. Originally, that "spool" was a physical spool of magnetic tape that one computer would write, and another computer would read and print
-
-
Wednesday 1st December 2021 17:08 GMT billat29
Re: Malware or just a link to the firmware update site?
Simultaneous Peripheral Operations OnLine.
We're in IBM mainframe days here, It allowed a program to write its output to a file on one of those newfangled disks for subsequent printing on a good old fashioned chain printer. Prior to that, the printer was directly attached to the program and as printers are very very slow, the program would hog the CPU spending nearly all of its time waiting for the printer.
https://www.ibm.com/docs/en/zos/2.1.0?topic=control-spool-data-sets-spooling
-
Thursday 2nd December 2021 10:15 GMT Phones Sheridan
Re: Malware or just a link to the firmware update site?
My printer goes offline when it runs out of colour ink, and won't come back on until a new cartridge is inserted. The usual LCD menu is replaced with a big yellow exclamation mark and a message, and will not perform any configuration functions. Stopping and starting the spooler would probably bypass any windows driven reporting, but not printer hardware blocks.
-
-
Monday 6th December 2021 10:40 GMT weirdbeardmt
Re: Malware or just a link to the firmware update site?
This.
We have several of these but stopped updating the firmware a while back when they tried to bork printers not using OEM ink. So it's now Catch-22... although the financial damage from network pwnage is probably considerably less than having to buy actual HP ink.
-
-
-
Tuesday 30th November 2021 20:37 GMT heyrick
Re: "Updated firmware is available for download from HP, the company said in a statement."
Or is available for the printer you have, but won't install for inexplicable reasons.
(HP took over Samsung's printer range, there's an updated firmware for my little M2022W laser, but nothing will convince it to touch the update...I suspect it might know something I don't, like "HP? Ewww!")
-
Wednesday 1st December 2021 16:18 GMT Eclectic Man
Print queue robustness
Once, when working in a secure site, we switched off the printer at the end of the working day and went home. Next morning, enter the office, turn on the computers and the printer. Printer zooms into life, and prints the classified document it was printing before it got switched off last night. Of course the manufacturer was very proud that their printers would remember the print jobs, and it was a matter of operational robustness that a mere power outage would not lose the print queue.
It was a matter of some concern to the system administrators, how to make sure that just turning on a printer would not reveal highly sensitive information*.
*(Like the day I spent the whole morning quietly working on reviewing the main contractor's documentation, only to discover that my military officer boss had spent it all 'tweaking' his business card design, and the aforementioned 'Main contractor' had been designing the flyer for the upcoming team social event. Completely true, I could give you their names but they'd have to kill me ...)