I just picked up a used HP Envy 5530 multifunction printer for $3 at a junk shop. The printer appears to be working and I would like to give it to my parents who need a new printer.

That said, I am concerned that the printer may pose a security risk based on articles I have read that show how badly secured and potentially compromised many IoT devices are.

I have no specific reason to believe that this printer is infected with malware; I am just concerned that it may be, based on my very limited understanding of computer security and what I read in the tech news.


What I know about the printer (this is based on connecting to it directly, i.e. I turned on its Wi-Fi Direct feature and connected to it via Wi-Fi from an old MacBook that is running Chrome OS, which I can wipe clean after this session):

  1. It runs a web server that is used to control its more advanced functions.
  2. There is no password set by default on access to this server.
  3. Running a port scan on its IP address (192.168.223.1) gives me the following open ports:

    80 (http)
    443 (http over ssl)
    8080 (http proxy)

  4. It is already running the latest version of the firmware from HP.

  5. By default it includes AirPrint, HP Wireless Direct (which I am using to connect to it at the moment), and has the Internet Printing Protocol enabled.
  6. It also includes the ability to install "apps" from the HP store, but this functionality does not appear to have been enabled when I bought it.
  7. I can look at the logs that the printer keeps and see that it was used (at least as far as these logs indicated) for a grand total of 45 pages.

Searching this forum came up with some results that are interesting, but the bit I am not clear on is the "connected directly to the internet" part.

This post, "Attacking an office printer?", discusses how vulnerable printers are (and, in fact, this printer follows the bad practice of not having even a default password). But presumably (though I have no proof of this) this machine was always connected to the internet via a consumer-grade firewall. Does that mean it is protected (to the extent that the consumer-grade firewall actually works)? What about the Internet Printing Protocol? The blurb on that page seems to indicate that this means one can print from anywhere on the internet. How does this device expose itself to the internet such that that is possible (especially if it is behind a router using NAT)?

Should I risk plugging it into my local network? Would you?

bvz

1 Answer

If the printer is behind a NAT, computers on the Internet cannot connect directly to the printer. Whether or not the printer supports IPP makes no difference.

The open ports and the missing default password do increase the attack surface, but do not indicate any vulnerabilities that can be used to access the printer. It may well be possible for an attacker to print something on the printer without permission, but I find it unlikely that the printer has malware on it.

That said, I don't know the specifics of this printer and it is impossible to say whether it is infected without further investigation.

Before connecting the printer to the network, it would be a good idea to reset factory default settings on it, and set a password.

Sjoerd
  • Thanks for the help. One more quick addendum that shouldn't really change your answer but... I found out that my port checking tool only checks the 18 most common ports. So there may be other open ports. But your answer seems to already take that into account, so I think I will risk using the printer. Thanks so much. – bvz Jan 18 '17 at 04:19
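
The comment above notes that the port checker only covered the 18 most common ports. As an added example (not part of the original question or answer), this is a full TCP-connect sweep of a printer you own, run over the Wi-Fi Direct link before the device joins the home network. The function names are illustrative and the port labels are standard service assignments, not values read from this printer.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Well-known TCP ports a network printer commonly listens on
# (standard assignments, assumed here; not taken from the HP Envy 5530).
PRINTER_PORTS = {
    80: "http (embedded web server)",
    443: "https (embedded web server)",
    515: "lpd",
    631: "ipp (Internet Printing Protocol)",
    8080: "http-alt",
    9100: "raw printing (JetDirect-style)",
}


def is_open(host, port, timeout=0.5):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or unreachable
        return False


def scan(host, ports=range(1, 65536), timeout=0.5, workers=200):
    """TCP-connect sweep of every port in `ports`; returns sorted open ports."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: is_open(host, p, timeout), ports)
        return sorted(p for p, ok in zip(ports, results) if ok)


def report(open_ports):
    """Pair each open port with its label; ports outside the table are 'unlisted'."""
    return [(p, PRINTER_PORTS.get(p, "unlisted")) for p in open_ports]


if __name__ == "__main__":
    # 192.168.223.1 is the Wi-Fi Direct address given in the question.
    for port, label in report(scan("192.168.223.1")):
        print(f"{port:>5}/tcp  {label}")
```

This covers TCP only; services that answer on UDP are not detected by a connect sweep.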