Printer Hack: These small lines of code can let anyone hack a printer
Researchers have discovered a serious remote code execution vulnerability in various Hewlett Packard (HP) enterprise printer models. This vulnerability could be abused by hackers to run arbitrary code on affected printer models remotely.
The vulnerability was found by researchers from FoxGlove Security while investigating the HP PageWide Enterprise Color MFP 586 and the HP Color LaserJet Enterprise M553. These printers have advanced security features including BIOS verification, firmware signature validation, and run-time intrusion detection.
The vulnerability (CVE-2017-2750) is rated high in severity because Dynamic Link Libraries (DLLs) are not properly validated, which allows arbitrary code to be executed on affected printer models.
Researchers analyzed BDL binary format files used by HP firmware updates and HP Solutions. They also managed to extract a ZIP archive from a BDL file and then replaced the original file with an archive that had the same name, length and CRC-32 checksum but had different contents.
But they failed to upload malicious firmware to the device because of the signature validation mechanism.
However, they also found a flaw in the DLL signature validation algorithm, and by bypassing the signature validation they were able to upload malicious firmware to the device.
FoxGlove Security has made the source code of the tools to create the malware available on GitHub, including the proof-of-concept (PoC) malware payload that could be remotely installed on the printers.
Actions performed in proof-of-concept (PoC) malware:
- It downloads a file from http://nationalinsuranceprograms.com/blar
- Executes the command specified in the file on the printer
- Waits for 5 seconds
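The behaviour listed above gives defenders a network signal to look for: a printer fetching the same external URL on a short, fixed timer. The following detection sketch is an added example, not code from FoxGlove Security or HP. It assumes the three steps repeat in a loop, a hypothetical proxy log format, a printer subnet of 10.20.0.0/24, and constructed sample log lines.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

PRINTER_NET = ipaddress.ip_network("10.20.0.0/24")   # assumption: printer VLAN
IOC_HOSTS = {"nationalinsuranceprograms.com"}        # host named in the article
MIN_HITS, MAX_JITTER_S, MAX_PERIOD_S = 4, 1.0, 60.0   # assumed tuning values

# Constructed sample log (hypothetical format): "<ISO time> <client ip> <method> <url>"
SAMPLE_LOG = """\
2017-11-21T09:00:00 10.20.0.15 GET http://nationalinsuranceprograms.com/blar
2017-11-21T09:00:05 10.20.0.15 GET http://nationalinsuranceprograms.com/blar
2017-11-21T09:00:10 10.20.0.15 GET http://nationalinsuranceprograms.com/blar
2017-11-21T09:00:15 10.20.0.15 GET http://nationalinsuranceprograms.com/blar
2017-11-21T09:00:02 10.20.0.22 GET http://updates.example.test/fw/index.xml
2017-11-21T09:03:40 10.20.0.22 GET http://updates.example.test/fw/index.xml
2017-11-21T09:00:07 10.30.1.9 GET http://news.example.test/
malformed line
"""

def find_printer_beacons(log_text):
    """Return findings for printer-subnet clients polling one URL on a fixed timer."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        try:
            when = datetime.fromisoformat(parts[0])
            src = ipaddress.ip_address(parts[1])
            url = parts[3]
        except (IndexError, ValueError):
            continue                                   # skip malformed lines
        if src in PRINTER_NET:                         # only printers are in scope
            hits[(str(src), url)].append(when)
    findings = []
    for (src, url), times in sorted(hits.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = (len(times) >= MIN_HITS and mean(gaps) <= MAX_PERIOD_S
                    and pstdev(gaps) <= MAX_JITTER_S)  # regular, short interval
        known_bad = urlsplit(url).hostname in IOC_HOSTS
        if periodic or known_bad:
            findings.append({"src": src, "url": url, "hits": len(times),
                             "period_s": round(mean(gaps), 1) if gaps else None,
                             "periodic": periodic, "known_bad": known_bad})
    return findings
```

Calling `find_printer_beacons(SAMPLE_LOG)` reports only the printer at 10.20.0.15; the printer that checks an update server twice at an irregular interval and the non-printer client are not flagged.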
How to protect your HP printers?
HP has released a patch for this vulnerability. From Support, select Software & drivers and search for your model. Download the patch from the results to protect your device.