If you or your company uses an All-In-One Fax, you need to read this now

Kick Back and Relax in the Cheers! Forum. Thoughts on life or want advice or thoughts from other pca members. Or just plain "chill". Originator of da Babe threads.
Post Reply
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

If you or your company uses an All-In-One Fax, you need to read this now

Post by FlyingPenguin »

Check Point Software Technologies discovered a serious security flaw in ALL HP all-in-one fax printers (and may likely exist in other brands since they all use the same fax protocols).

By sending a specially crafted fax transmission to an all-in-one HP scanner/printer/fax they can hack the printer's internal processor and use it as a beach head to attack the entire network the printer is connected to. This can only happen on a printer actually connected to a phone line (the attack comes as a fax transmission). If you have one of these printers and never have it connected to the phone line, then you're okay (a firmware update wouldn't hurt though).

Steve Gibson just referred to this as possibly the worst exploit in years. Think about it - every company posts their fax number publicly online. All you need is that fax number in order to attack that company's network and, install ransomware on the company servers and workstations, or steal private data. This is compounded by the fact that most people - even IT admins at companies - generally don't bother upgrading printer firmware. This is an easy attack and your network can be totally owned this way.

HP was informed of this flaw and released firmware updates to fix it for all their models. The firmware has been available for a couple of weeks and Checkpoint just made a public disclosure of the exploit.

I just updated my own HP Color Laserjet Pro all-in-one (HP firmware updates are easy - just download an .exe file and run it).

I would recommend everyone (but especially businesses) update the firmware on any HP all-in-one printer RIGHT NOW. I would also seriously consider disconnecting any other brand of all-in-one fax printer from the phone line until you can be sure it doesn't have the same problem and until it's fixed if it does.

https://blog.checkpoint.com/2018/08/12/ ... x-exploit/
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: If you or your company uses an All-In-One Fax, you need to read this now

Post by Losbot »

Thanks. Updating my HP all-in-one now.
Post Reply