Feeds

Watch out, office bods: A backdoor daemon lurks in HP LaserJets

Aah, telnet. We meet again

Providing a secure and efficient Helpdesk

A range of HP LaserJet printers suffer a security flaw that can leak data and passwords, the US Computer Emergency Response Team (CERT) warns. Users have been told to apply the firmware patches issued by HP that resolve the issue.

HP says the security risk arose after it was discovered that several models of HP LaserJets feature a "telnet debug shell which could allow a remote attacker to gain unauthorized access to data". Essentially, this means the printers can be accessed through a telnet session without requiring a password - allowing unauthenticated remote attackers to gain access to unencrypted data using this telnet daemon.

Security bods have suggested that HP's developers mistakenly left the debugging aid in the firmware of the affected printers.

"Debugging code is an all-but-unavoidable part of any development project, aimed at helping you to understand more precisely how your code behaves internally," explained Paul Ducklin, Sophos's head of technology for Asia Pacific, in a blog post.

"This often means that debugging code is a security nightmare, since it may allow software behaviour which is unsuitable for a shipping product, such as introspection (a fancy word for peeking inside data structures that are usually off limits to other users), and authentication bypasses. So, debug code is typically compiled out altogether in a release build."

Ducklin added that Telnet is "unencrypted, insecure and out of place in 2013".

HP has patched the afflicted firmware for the affected printers. Users of a wide range of HP printers are advised to apply the update. It listed the vulnerable kit as: HP LaserJet Pro P1102w, HP LaserJet Pro P1606dn, HP LaserJet Pro M1213nf MFP, HP LaserJet Pro M1214nfh MFP, HP LaserJet Pro M1216nfh MFP, HP LaserJet Pro M1217nfw MFP. HP HotSpot LaserJet Pro M1218nfs MFP, HP LaserJet Pro M1219nf MFP, HP LaserJet Pro CP1025nw and HP LaserJet Pro CP1025nw.

HP's advisory (support document) is here. German security researcher Christoph von Wittich of Hentschke Bau gets the hat tip for finding the vulnerabilities. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.