Printer SecurityHP has been highlighting the very real dangers of organisations being left vulnerable to printer security breaches or hacks through connected printers – and it seems that educational institutions are especially open to potential exploitation. The company has highlighted one recent report in The Washington Times (see http://www.antisemitismwatch.com/tag/the-washington-times/), where a security breach occurred through printers in several US universities and colleges.

An apparently known hacker reportedly used a freely-available tool to scour the Internet for vulnerable devices that could be remotely accessed and claims to have identified, within minutes, around 29,000 printers that were connected to the Internet and could be exploited through an open port, then automated a procedure that asked each vulnerable machine to print a “hate” flyer. These documents were subsequently discovered at various sites, including Princeton University, Northeastern University, UMass Amherst, Smith College, Mt. Holyoke, University of California at Berkley and Depaulia.

HP noted that while this appears to be nothing more than a stunt, it could have been much worse, if data had been stolen. The hacker used an unsecured port (9100) and accessed printers with public IP addresses to push a print job. He could have just as easily intercepted data through a man-in-the-middle attack, accessed data on the device, used the printer as a portal to the company network or even disabled the device.

Security is an on-going challenge for customers and HP takes it very seriously. The company has developed its printers to ensure they and the documents they process are always secure. HP resellers can offer a free assessment of HP printer security vulnerabilities, using the HP Security Print Analysis tool.