New HP Printer Google Hack via Port3000
Blogger Adam Howard over at Port3000 has found a very cool new Google Hack for finding unsecured HP Printers. A lot of these time out, but for those that work, the day gets interesting.
You do need Java to make the admin screen work, and these seem to work better in Internet Explorer than they do in Firefox or Chrome. Of course if you decoupled Java, you might just want to turn it back on again.
This is pretty impressive, the Google hack returns some 86,000 HP Printers that are left connected to the internet, and in many cases direct access to the administration screen. I can confirm that some of these printers are running older versions of Java making this much more interesting to get a toe hold into an organization by exploiting the printer. Because it exposes printers and the admin screens are not locked down I am giving this a four star risk rating out of five stars. There is way too much mayhem that can be caused here, and there is no reason to leave a printer exposed on the internet without as much as a password in many cases. Or the default password left in place for HP Printers.
The Google Dork is:
Overall because of the risks involved with this one, and the ability to get to the admin screen of the printer sometimes without a username or login, or default HP Printer user name and login you can pretty much so bet that the majority of these printers are already compromised as this has shown up on Reddit and on Slashdot.
Remember to secure everything you have, because if you don’t, Google and Shodan are going to expose what you have on the network to everyone in the whole world.
And it is kind of silly to leave the printer port open on the firewall for anyone to see and explore.
(Cross-posted @ Managing Intellectual Property & IT Security)