All Blogs

Faxploit: Hundreds of Printers Putting Businesses at Risk of Malware

Printers, along with every other piece of equipment that is on your network, require careful configuration and regular upkeep to ensure that they aren’t putting your data and users at risk. Security researchers recently discovered two massive vulnerabilities in HP Officejet All-in-One printers that make it incredibly easy for hackers to spread malware and gain access to a company’s network.

What You Need to Know

Faxploit is a series of vulnerabilities found in all models of HP Officejet All-in-One printers that allows an attacker to hijack the printer using only a fax number. Once the attacker gains control of the printer, they can elevate privileges across the network and access data or spread malware, such as notorious threats like WannaCry, Cryptowall, and more.
If your company’s fax number is listed publicly and you have an HP Officejet All-in-One printer, your network is at immediate risk. The vulnerabilities also apply to a massive list of other HP inkjet printers, including the HP Envy, HP Deskjet, HP DesignJet, HP PageWide Managed, HP PageWide Pro, HP Photosmart, HP AMP, HP Ink Tank, HP Smart Tank Wireless, and the aforementioned HP Officejet series.

It’s Strongly Recommended That Patches Are Applied

HP has released patches for these vulnerabilities and users are recommended to apply firmware updates. Midnight Blue clients who have a managed services agreement covering your network will be receiving these patches on an ongoing basis. If your business utilizes HP printers and you don’t have a managed contract or you aren’t sure if updates are being proactively applied, we strongly encourage you to immediately reach out to us at 412.342.3800 to have your printers evaluated.
It’s also likely that other devices on your network may be out of date, so fully auditing your entire network for outdated firmware and missing security patches is a good idea. It’s important to remember that everything can appear to be working fine, but the doors could be wide open for threats to sneak in.
Additionally, the team at Midnight Blue can help you proactively monitor and detect threats that attempt to breach your network using real-time, enterprise-level security solutions. With today’s cybersecurity landscape presenting increasingly massive threats to small businesses, doing all you can to protect your data is important. Call the team at Midnight Blue today at 412.342.3800 or click here for more information.