
HP patches LaserJet security holes




If you own a LaserJet printer made by HP, you might want to look into updating the firmware to avoid potential hacker attacks.

About a month after MSNBC ran a heavily-hyped story that warned about printer security vulnerabilities that exposed users to “devastating attacks,” HP released a firmware update to mitigate the issue.

However, the company did not provide any guidance about which printers are affected or which drivers need updating.

HP LaserJet owners are urged to visit HP’s support page (http://www.hp.com/support) and visit the “drivers and software” section.

According to the MSNBC article, which was based on the work of researchers from Columbia University, the affected printers can be remotely controlled by computer criminals over the Internet, with the potential to steal personal information, attack otherwise secure networks and even cause physical damage.


Watch it on YouTube: 28c3: Print Me If You Dare

(Ang Cui, Jonathan Voris: Print Me If You Dare -> Firmware Modification Attacks and the Rise of Printer Malware)

The researcher says that there are ~76.500 LaserJet printers vulnerable to this type of attack (in the video you can see the list of printers).

We first present several generic firmware modification attacks against HP printers. Weaknesses within the firmware update process allow the attacker to make arbitrary modifications to the NVRAM contents of the device. The attacks we present exploit a functional vulnerability common to all HP printers, and do not depend on any specific code vulnerability. These attacks cannot be prevented by any authentication mechanism on the printer, and can be delivered over the network, either directly or through a print server (active attack) and as hidden payloads within documents (reflexive attack).

In order to demonstrate these firmware modification attacks, we present a detailed description of several common HP firmware RFU (remote firmware update) formats, including the general file format, along with the compression and checksum algorithms used. Furthermore, we will release a tool (HPacker), which can unpack existing RFUs and create/pack arbitrary RFUs. This information was obtained by analysis of publicly available RFUs as well as reverse engineering the SPI BootRom contents of several printers.

Next, we describe the design and operation of a sophisticated piece of malware for HP (P2050) printers. Essentially a VxWorks rootkit, this malware is equipped with: port scanner, covert reverse-IP proxy, print-job snooper that can monitor, intercept, manipulate and exfiltrate incoming print-jobs, a live code update mechanism, and more (see presentation outline below). Lastly, we will demonstrate a self-propagation mechanism, turning this malware into a full-blown printer worm.

Using HPacker, we demonstrate the injection of our malware into arbitrary P2050 RFUs, and show how similar malware can be created for other popular HP printer types. Next, we demonstrate the delivery of this modified firmware update over the network to a fully locked-down printer.



Archived

This topic is now archived and is closed to further replies.
