From SentinelLabs, a critical vulnerability in HP printer drivers:
Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.
If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.
The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.
Look for your printer here, and download the patch if there is one.
EDITED TO ADD (8/13): Here’s a better list of affected HP and Samsung printers.
Posted on July 22, 2021 at 10:41 AM
This is a weird story: researchers have discovered that an audio driver installed in some HP laptops includes a keylogger, which records all keystrokes to a local file. There seems to be nothing malicious about this, but it’s a vivid illustration of how hard it is to secure a modern computer. The operating system, drivers, processes, application software, and everything else are so complicated that it’s pretty much impossible to lock down every aspect of it. So many things are eavesdropping on different aspects of the computer’s operation, collecting personal data as they do so. If an attacker can get to the computer when the drive is unencrypted, he gets access to all sorts of information streams—and there’s often nothing the computer’s owner can do.
Posted on May 17, 2017 at 6:32 AM
Today’s item from the NSA’s Tailored Access Operations (TAO) group implant catalog is IRONCHEF:
(TS//SI//REL) IRONCHEF provides access persistence to target systems by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to communicate with a hardware implant that provides two-way RF communication.
(TS//SI//REL) This technique supports the HP Proliant 380DL G5 server, onto which a hardware implant has been installed that communicates over the I2C Interface (WAGONBED).
(TS//SI//REL) Through interdiction, IRONCHEF, a software CNE implant and the hardware implant are installed onto the system. If the software CNE implant is removed from the target machine, IRONCHEF is used to access the machine, determine the reason for removal of the software, and then reinstall the software from a listening post to the target system.
Status: Ready for Immediate Delivery
Unit Cost: $0
Page, with graphics, is here. General information about TAO and the catalog is here.
“CNE” stands for Computer Network Exfiltration. “Through interdiction” presumably means that the NSA has to physically intercept the computer while in transit to insert the hardware/software implant.
In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.
The plan is to post one of these a day for the next couple of months.
Posted on January 3, 2014 at 12:20 PM
It’s a serious vulnerability. Note that this is the research that was mistakenly reported as allowing hackers to set your printer on fire.
Here’s a list of all the printers affected.
Posted on January 6, 2012 at 1:50 PM
It’s the kind of research result that screams hype, but online attacks that have physical-world consequences are fundamentally a different sort of threat. I suspect we’ll learn more about what’s actually possible in the coming weeks.
HP has issued a rebuttal.
Posted on December 2, 2011 at 1:17 PM
This is cool technology from HP:
Each printer with the ePrint capability will be assigned its own e-mail address. If someone wants to print a document from an iPhone, the document will go to HP’s data center, where it is rendered into the correct format, and then sent to the person’s printer. The process takes about 25 seconds.
Maybe this feature was designed with robust security, but I’m not betting on it. The first people to hack the system will certainly be spammers. (For years I’ve gotten more spam on my fax machine than legitimate faxes.) And why would HP fix the spam problem when it will just enable them to sell overpriced ink cartridges faster?
Any other illegitimate uses for this technology?
EDITED TO ADD (7/13): Location-sensitive advertising to your printer.
Posted on June 18, 2010 at 1:37 PM