Could Your Printer Be Vulnerable to an Attack?

I know we’re sick of security warnings, myself included. But have you ever thought of your printer as a security threat? A recent article by Tenable, a network security firm, referenced some unexpected issues with a line of Hewlett-Packard (HP) printers, including the default settings. Regardless of your brand, I would be inclined to check your printer settings. The reason is that automatic updates for your printer may not be enabled. In the case of HP, there are significant security issues that should be patched. We need to start thinking of printers like computers.

After reading the Tenable article, I decided to go to the HP Advisory. It seems this particular vulnerability was disclosed and patched by HP. However, I found the advisory confusing, and the support link didn’t work.

HP bad support link
Bad Support Link

When I clicked their link, I would get this 404 error page. I tried to click the link in several different browsers and also tried incognito sessions. And yes, I have reported the broken link.

HP 404 Error
HP 404 Error

If I manually enter www.hp.com/support, I am redirected to a working page for my country.

About Those Firmware Updates

The security researchers at Tenable decided to dig deeper. In doing so, they discovered that the suggested steps wouldn’t work in all cases. The default setting for some printers is not to check for firmware updates, as the picture below shows. (Note: This photo is originally from Tenable, and I applied the markup.)

default printer settings
Default Printer Settings – Updates off

The bottom line is to remember your printer is also software controlled and probably has updates. But, you’ll never get them if your updates are turned off.