Security researchers have discovered multiple hardware and software vulnerabilities in HP multi-function printers that could be used to steal confidential information and remotely pivot through network infrastructure.
Finnish security vendor F-Secure analysed a HP MFP M725z networked printer from 2013, which is still supported and contains firmware from that same year.
Physical access to the printer would allow an attacker "to dump and tamper with all data that is stored on the system and user partitions of the device," the researchers wrote [pdf].
This could lead to leakage of confidential information and the installation of permanent rootkits on the devices.
Examining the firmware yielded further exploitation vectors for the researchers, including running a SOCKS proxy on a printer, allowing an attacker to move laterally through network infrastructure.
That remote code execution vulnerability in the font parsing system could be exploited through a malicious website, or a specially crafted document sent to the printer.
F-Secure estimates that around 150 HP multi-function printer models are vulnerable to the exploits found by the security firm.
The security vendor recommends that multi-function printer users follow HP's security practice advisories to mitigate against the vulnerabilities, including isolating printers on separate virtual local area networks and leaving printing via USB at its default disabled state.
Physical attacks can be detected with anti-tamper stickers on the printers which, if damaged, would reveal unauthorised access to the devices.
