Printer

In the past the printer has tended to be a pretty dumb device, but as they’ve gained more features and extra connectivity printers have become a target for attacks and potentially a way of gaining access to networks.

A new report from HP Wolf Security, based on global study of 800+ IT and security decision-makers (ITSDMs), highlighs the challenges of securing printer hardware and firmware.

Printer owners have several options when it comes to supplying their printers with ink. The two main choices are to buy first-party or third-party printer ink. The former is official, the latter less expensive. Both options work well, provided that manufacturers do not manipulate printers to block support for third-party ink cartridges.

Printer manufacturers like HP have a vested interest that customers purchase first-party printer ink or, even better, subscribe to printing plans. HP CEO Enrique Lores confirmed to CNBC Television that HP loses money with each printer sold and that the company makes money with printer ink sales and subscriptions.

Researchers at F-Secure have discovered vulnerabilities in more than 150 HP multifunction printer (MFP) products. These could allow attackers to seize control of vulnerable devices, steal information, and further infiltrate networks to inflict other types of damage.

HP has issued patches to address the vulnerabilities which include exposed physical access port vulnerabilities (CVE-2021-39237) and font parsing vulnerabilities (CVE-2021-39238).

Security researchers from SentinelOne have uncovered an ancient vulnerability in the drivers used by printers from three big manufacturers.

The high-severity security vulnerability -- which is being tracked as CVE-2021-3438 -- affects drivers for HP, Samsung and Xerox printers and has evaded detected for 16 years. In all, around 400 printer models are at risk, leaving millions of printers exposed to the danger of the serious privilege escalation vulnerability.