You are a proactive business owner, you subscribe to a service to patch all your computers for a monthly fee, your network and systems are safe? Correct? A Patched Systems is a good System? Right?
Not so fast.
Most MSP’s focus on what they have an agent installed on, WSUS will patch Windows Machines but are you watching the other computers in your origination? Your printers, your network attached security cameras, your wifi controllers?
This is another example where an external security firm coming in to do a vulnerability scan becomes useful. Especially one that is not using that scan to “Find Work” for their Managed Service Practice.
The Target breach came about from a compromised HVAC control system (https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/) and now there is a new exploit that will allow your HP Printer become an information gathering point for your network!
The Security team at Foxglove used a tool called PRET (the PRinter Exploitation Toolkit) http://hacking-printers.net/wiki/index.php/Main_Page to compromise HT’s Laserjet Enterprise Printers. The also found the same security holes in printers by Dell, Brother, HP, Konica, OKI, and Samsung but reported the security hole to HP at the end of August! With this exploit it is trivial to get copies of any print job in the system, including those that are protected by a PIN number.
Running quarterly security audits helps your IT Team by finding the exploits hackers use such as this. We get this information to your technology team so they can be fixed quickly and securely. Running the scans quarterly gives you, the business owner, the assurance that the found flaws have been addressed and your Tech Team is doing their job.
The flaws exploit security holes in the Post Scrip and PJL languages.
Why did Foxglove target HP’s Printers? Easy, Because of this HP ad. https://youtu.be/U3QXMMV-Srs giving the impression that not buying a HP printer would be an insure move!
The Foxglove security team release their tools on Git Hub for anyone to check out
The full attack can be read here
A fix has been released for the affected HP Printers, https://support.hp.com/nz-en/document/c05839270