Security Flaws Leave Networked Printers Open To Attack
Attackers can exploit HP JetDirect software, used by numerous printer manufacturers, to disable printers, evade physical security checks or recover printed documents.
Printers that use popular print server software sold by Hewlett-Packard are vulnerable to attacks that can bypass built-in biometric defenses, recover previously printed documents and crash all vulnerable machines attached to a network.
That warning comes from viaForensics researcher Sebastian Guerrero, who said he identified the security problems in HP's JetDirect software while testing printers in his spare time.
JetDirect software is used in internal, external and embedded print servers sold by numerous printer manufacturers -- everyone from Canon and Lexmark to Samsung and Xerox. The software handles any printing request made via a network, in part by adding extra information that the printer then parses. This information takes the form of tags such as UEL (universal exit language), which notes the beginning and end of data streams; PJL (printer job language), to tell the printer what to do; and PCL (printer control language), which formats pages....
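To make the layering described above concrete, here is an added Python example (not code from the article, viaForensics or HP) that splits a print stream at its UEL markers, lists the PJL commands, and separates the page-description payload, as a print gateway or spool inspector might do. The function name, the allowlist policy and the sample job are assumptions constructed for this illustration.

```python
import re

UEL = b"\x1b%-12345X"  # Universal Exit Language marker: ESC % - 1 2 3 4 5 X
# Assumption: illustrative policy for an ordinary print job, not a vendor list.
ALLOWED_PJL = {"JOB", "SET", "COMMENT", "ENTER", "EOJ"}
PJL_LINE = re.compile(rb"@PJL[ \t]*([A-Za-z]*)[^\n]*\n")

def parse_job(stream: bytes) -> dict:
    """Split a print stream into PJL commands and page-description payloads."""
    out = {"pjl": [], "flagged": [], "payloads": [],
           "terminated": stream.endswith(UEL)}
    for segment in stream.split(UEL):
        pos, lang = 0, None
        while True:
            m = PJL_LINE.match(segment, pos)
            if not m:
                break
            line = m.group(0).strip().decode("ascii", "replace")
            verb = m.group(1).decode("ascii").upper()
            out["pjl"].append(line)
            if verb and verb not in ALLOWED_PJL:  # bare "@PJL" is a no-op
                out["flagged"].append(line)
            pos = m.end()
            if verb == "ENTER":
                # Everything after ENTER LANGUAGE belongs to the named language.
                lm = re.search(r"LANGUAGE\s*=\s*(\w+)", line, re.I)
                lang = lm.group(1).upper() if lm else None
                break
        if segment[pos:]:
            # lang stays None when data arrives without an ENTER LANGUAGE line.
            out["payloads"].append((lang, segment[pos:]))
    return out

# Constructed sample job: the PCL body is a placeholder, not real page data.
SAMPLE = (UEL + b'@PJL JOB NAME="report"\r\n'
          + b"@PJL INFO ID\r\n"
          + b"@PJL SET COPIES=1\r\n"
          + b"@PJL ENTER LANGUAGE=PCL\r\n"
          + b"\x1bEHello\x1bE"
          + UEL + b"@PJL EOJ\r\n" + UEL)

if __name__ == "__main__":
    report = parse_job(SAMPLE)
    print("PJL commands:", report["pjl"])
    print("Outside allowlist:", report["flagged"])
    print("Payloads:", [(lang, len(data)) for lang, data in report["payloads"]])
```
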