Is your HP enterprise printer hosting malware for hackers?

“If you’re concerned about security, put your printers are behind a firewall and, if it’s a Hewlett-Packard, make sure port 9100 isn’t open,” says security researcher Chris Vickery.


Well, according to him, hackers have been misusing unprotected printers’ internal storage space to host malicious code – web pages and scripts and executables.

“I don’t know of any big-name targeted attacks involving this kind of technique, but I have seen people brag about using it for various purposes,” he told Security Week.

A simple Shodan search reveals that there are over 21,000 HP printers that have 9100 port open and can be used by attackers in this way.

“There are a few free, open source pieces of software that can be used to upload and interact with HP printer hard drives over port 9100. After uploading to a printer, the file can be accessed by visiting http:///hp/device/ with any web browser,” he explains.

This type of printers is also always on and connected to the Internet, making the stored stash of malicious objects available for download around the clock.

And finally, it’s very likely that this stash can remain undiscovered for quite a while. “Any organization leaving their printers exposed to the internet probably doesn’t have the greatest, if any, logging system in place,” he points out.

To prevent this from happening, HP advises users to disable the PJL/PS filesystem commands (this document explains how), or switching to using Internet Print Protocol over HTTPS instead of Port 9100. In general, users should switch off unused ports and protocols, the company notes.

Vickery has become a recognisable name in the field of security research after he discovered a considerable number of databases exposed online, including that of MacKeeper. Since then, he has been hired by the company and is now leading its new Security Research Center.

More about

Don't miss