Printer Hack

Printer Hack: These few lines of code can let anyone hack a printer

Researchers have discovered a serious remote code execution vulnerability in various Hewlett Packard (HP) enterprise printer models. This vulnerability could be abused by hackers to run arbitrary code on affected printer models remotely.

The vulnerability was found by researchers from Foxglove Security while investigating the HP PageWide Enterprise Color MFP 586 and the HP Color LaserJet Enterprise M553. These printers have advanced security features including BIOS verification, firmware signature validation, and run-time intrusion detection.

The vulnerability (CVE-2017-2750) is rated high in severity because Dynamic Link Libraries (DLLs) are not properly validated, which allows arbitrary code to be executed on affected printer models.

Researchers analyzed BDL binary format files used by HP firmware updates and HP Solutions. They also managed to extract a ZIP archive from a BDL file and then replaced the original file with an archive that had the same name, length and CRC-32 checksum but had different contents.

BDL file with highlighted ZIP and CRC-32 calculated

But they failed to upload a malicious firmware to the device due to the signature validation mechanism.

signature validation error

However, they also found a flaw in the DLL signature validation algorithm, and by bypassing the signature validation they were able to upload malicious firmware to the device.

successful remote code execution

FoxGlove Security has made the source code of the tools to create the malware available on GitHub, including the proof-of-concept (PoC) malware payload that could be remotely installed on the printers.

Actions performed in proof-of-concept (PoC) malware:

  1. It downloads a file from http://nationalinsuranceprograms.com/blar
  2. Executes the command specified in the file on the printer
  3. Waits for 5 seconds
  4. Repeats
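
The polling loop listed above leaves a regular trace in web proxy logs. The following detection sketch is an added example, not code from the original article or from Foxglove Security's tools: it flags any client that requests the same URL at a short, near-constant interval. The log format, client addresses, sample records and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log records: "<ISO time> <client IP> <method> <URL>".
# 10.0.5.20 stands in for a printer, 10.0.5.31 for a workstation (both assumed).
SAMPLE_LOG = """\
2017-11-20T10:00:00 10.0.5.20 GET http://nationalinsuranceprograms.com/blar
2017-11-20T10:00:02 10.0.5.31 GET http://intranet.example/home
2017-11-20T10:00:03 10.0.5.31 GET http://intranet.example/home
2017-11-20T10:00:05 10.0.5.20 GET http://nationalinsuranceprograms.com/blar
2017-11-20T10:00:11 10.0.5.20 GET http://nationalinsuranceprograms.com/blar
2017-11-20T10:00:16 10.0.5.20 GET http://nationalinsuranceprograms.com/blar
2017-11-20T10:00:21 10.0.5.20 GET http://nationalinsuranceprograms.com/blar
2017-11-20T10:00:27 10.0.5.20 GET http://nationalinsuranceprograms.com/blar
2017-11-20T10:00:30 10.0.5.31 GET http://intranet.example/home
2017-11-20T10:00:31 10.0.5.31 GET http://intranet.example/home
2017-11-20T10:00:58 10.0.5.31 GET http://intranet.example/home
this line is malformed and is skipped
"""

def group_requests(log_text):
    """Collect request timestamps per (client, URL) pair."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # not a record in the assumed format
        ts, client, _method, url = parts
        try:
            seen[(client, url)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # unparseable timestamp
    return seen

def find_beacons(log_text, min_requests=5, max_interval=60.0, max_cv=0.25):
    """Return (client, url, mean gap in seconds) for regular short-interval polling."""
    findings = []
    for (client, url), times in group_requests(log_text).items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low coefficient of variation means the gaps are nearly constant.
        if 0 < avg <= max_interval and pstdev(gaps) / avg <= max_cv:
            findings.append((client, url, round(avg, 1)))
    return findings
```

Restricting the input to addresses assigned to printers keeps the result set small, since the workstation in the sample is excluded only by its irregular timing.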

How to protect your HP printers?

HP has released a patch for this vulnerability. From Support, select Software & drivers and search for your model. Download the patch from the results and protect your device.
