HP JetDirect software may have potential to be exploited by attackers, undermining security of printers.
Information Week reports that HP’s DirectJet software, which is used by a number of different printer manufacturers, has the potential to be used “to disable printers, evade physical security checks or recover printed documents” if exploited by hackers.
The software, which is used in internal, external and embedded print servers sold by a number of OEMs, handles any printer request made via a network” by adding information in the form of tags “such as UEL (universal exit language), which notes the beginning and end of data streams; PJL (printer job language), to tell the printer what to do; and PCL (printer control language), which formats pages”. The information then gets “parsed by a printer”.
However, Sebastian Guerrero, a researcher for viaForensics, reportedly identified security problems in the software while testing printers in his spare time, claiming that the tags could be exploited by attackers “to evade security controls built into the devices, such as fingerprint or smart card checks, as well as to knock the machines offline, reprint previously printed documents or even brick the device”.
“By fuzzing tags that are parsed and used by interpreters of PCL/PJL, an attacker could trigger a persistent denial of service affecting a large percentage of models and manufacturers,” noted Guerrero. He added that the tags could also allow attackers to recover documents otherwise stored in encrypted form and reprint them: “All of the heavily encrypted documents a company has on its computers are automatically unprotected once sent to the print queue and are recorded and stored in the history”.
Furthermore, network-connected printers could be disconnected by using the tags, says Guerrero, who noted that “If you modify any of these parameters by inserting an unexpected character, depending on how it is implemented by the parser and interpreter for the specific printer model, you may cause a denial of service, knocking printers offline and forcing them to be reset manually.”
While Guerrero has not detailed specific printer makes and models that could be affected by these issues, he purportedly said that any device using the software would at least be vulnerable to having its authentication bypassed by an attacker.
HP has had previous problems in printer security, with a security flaw reported in December 2011 which saw hackers being able to remotely reprogram the OEM’s LaserJet products with custom firmware that enabled unrestricted access and full control of a device, and in some cases continually heat the fusers until the paper was set alight.
HP is not the first OEM to face such security problems, with The Recycler reporting in November last year on a hard-coded security flaw featured in certain Samsung printer models enabling outside access to the devices. It was also reported in June 2012 that a malware program, the Trojan.Millcenso, was causing printers in various different countries to print huge amounts of useless data and adverts, and in July a second virus, the W32.Printlove worm, was also causing printers to have rogue printing problems.