<div dir="ltr"><p style="color:rgb(51,51,51);font-family:Georgia,'Times New Roman','Bitstream Charter',Times,serif;font-size:13px;line-height:19px">It isn't news that printers and multifunction devices hold a plethora of confidential information that is an easy target for attackers. There have been <a href="http://nakedsecurity.sophos.com/2012/01/05/hp-patches-printer-firmware-flaw/" target="_blank">far and wide</a> complaints of vulnerable firmware across a magnitude of devices. That hasn't changed much for printer manufacturers who insist on packing more and more functionality into their devices. I was contemplating on buying a new dot-matrix printer connected to my parallel port, when this happened; researchers have been able to use acoustic side channel attacks to recover the contents of a medical prescription printed by a doctor. The same attack was used to recover data from PIN mailers printed by a bank on a secure form. Having said this, even dot-matrix printers are <a href="http://www.infsec.cs.uni-saarland.de/projects/printer-acoustic/" target="_blank">not secure</a>.</p>
<p style="color:rgb(51,51,51);font-family:Georgia,'Times New Roman','Bitstream Charter',Times,serif;font-size:13px;line-height:19px">Then, there is this "<a href="http://www.youtube.com/watch?v=okhfDsKmAoY&feature=youtu.be">news piece</a>" from the Netherlands. Talks about the e-print functionality in default installations of HP printers. They might be sensationalist news items, but the claims of corporate espionage and individual privacy are not far fetched. While you are reeling from the sheer insecurities of these "traditional home appliances", another news piece comes out and says, you can access over 85,000 printers publicly<a href="https://www.google.com/#hl=en&tbo=d&output=search&sclient=psy-ab&q=inurl:hp%2Fdevice%2Fthis.LCDispatcher%3Fnav%3Dhp.Print" target="_blank"> indexed </a>on Google.</p>
<p style="color:rgb(51,51,51);font-family:Georgia,'Times New Roman','Bitstream Charter',Times,serif;font-size:13px;line-height:19px">Unless you haven't already seen <em><a href="https://viaforensics.com/security/exploiting-printers-via-jetdirect-vulns.html" target="_blank">Sebastián Guerrero’s</a> </em> post, JetDirect is also broken.</p>
<p style="color:rgb(51,51,51);font-family:Georgia,'Times New Roman','Bitstream Charter',Times,serif;font-size:13px;line-height:19px">Feel free to enjoy your preferred brand of a caffeine drink while you watch this <del style="color:red">expose </del>news item and come up with an idea to do all of this on a cool 3d printer.</p>
</div>