With opensuse, I booted up my PC then looked at the printer. I noticed all the lights were flashing from one light to another. The printer had a black screen and wouldn’t respond.
I didn’t change any of the settings using the printer direct interface. Then I did a firmware update (HP website download) from a Windows boot. Ever since, I have been having to remove viruses from Windows at least 5-10 times. I thought I just hadn’t done updates.
After seeing the flashing lights on the printer with opensuse, I unplugged the data cable. I did a search for ‘printer wifi hacked’ and found a lot of information. I checked the printer direct interface, searching for wifi. I found that the HP printer had auto-connect turned on. With some work, I turned that off and any other wifi settings. The HP firmware update had turned wifi on, allowing the hack to take place. Printer WIFI was using the default password.
If I use the power key on the printer, it won’t finish startup. I have to unplug it, plug it in again, and press the power key to get it to run.
With opensuse, can someone hacking printer wifi view documents already printed? Redirect and/or copy printer output? Hack into opensuse 15.1? (normal user mode)
I don’t have printer driver info available. This printer had all the features I wanted. I use direct connect printing only. I never use any form of wifi connections. I know next to nothing about connecting with wifi.
How do I fix this problem? Change the HP wifi password with wifi off.
A scary security reality! I assume you’ve taken the required steps outlined in this HP Security Advisory.
Some advice also given in this HP thread:
How do I fix this problem? Change the HP wifi password with wifi off.
From Windows you should be able to do this via the install software, with the printer attached via USB. Alternatively, if connected via ethernet, it should also be possible to configure the device via its inbuilt web-interface as well.
This can be done from the linux installer too. IIRC
HP does have an issue here with their defaults. Until recently I thought I had made a mistake in setting up my HP printer, but some months ago a neighbour (not in my LAN) started using the HP app on his Android phone. Coming home from a day at a customer, he asked me if I could help setting up his HP printer since he needed to print some announcement flyers urgently, everything seemed to work, but nothing came out of his printer. In my apartment I found 8 copies…, so the app was able to print to my printer instead of his… Full colour, photo quality … sigh, cartridges almost empty… I checked everything, and by default these machines are wide open. IMNSHO ridiculous. Every single setting to avoid this was off, even worse, settings that allow easy (!) access to the printer were active. As a test I tried if the app could see his printer, which it did so I sent an odt to it. Guess what? It did. I emailed HP support about this, got a thank you reply, but nothing since then.
Again IMNSHO this is a major security issue. End-users should not have to go through Security Advisories etc. The defaults should be safe.
From MSWIN, I did another firmware update offline. Then downloaded and reinstalled the HP driver.
From opensuse, is there anything more I can do to increase security? The drivers for this printer don’t exist. I had to use 7800 driver or the most correct driver. I installed hplip to get the printer to work. I clicked the taskbar icon and nothing happens.
So, some of my documents from opensuse may have been redirected? Or this redirection only from windows?
The drivers for this printer don’t exist. I had to use 7800 driver or the most correct driver. I installed hplip to get the printer to work.
The HP Envy Photo 7855 All-in-one is supported (HPLIP version 3.17.9 onwards) as per the supported printers page, and so you’re using the correct driver (even if it is not listed explicitly as such).
So, some of my documents from opensuse may have been redirected? Or this redirection only from windows?
The vulnerability is with the printer, and the idea that once compromised, the device could act as a springboard for deeper network penetration by an attacker. If you’ve updated the firmware as per the security advisory, nothing further should be needed. Good firewall practices notwithstanding.
(the first time) Since I did update the firmware through the HP website, somehow that firmware update was corrupted or had a virus.
I updated the firmware again using a direct download scanned for viruses. I didn’t notice the internet was connected for a few mins during the firmware update. I should do another firmware update without internet.
HP Envy Photo 7800 with driver HP Envy Photo 7800 Series, hpcups 3.18.6
Only the windows end was hacked? Not the linux end? I only use the linux end for printing. The HP on win10 is used to do basics like printer alignment.
I don’t think any print jobs from linux were redirected. ??
Only the windows end was hacked? Not the linux end? I only use the linux end for printing. The HP on win10 is used to do basics like printer alignment.
I doubt any host was impacted. Just the printer (based on the vulnerability as described in the HP advisory). Anyway, you’ve updated the firmware now so all should be ok. In general, I recommend avoiding using Wifi-Direct for printing.
I’ve read through all the messages and the HP info.
I’m feeling more secure when it comes to printer wifi. I always use wired connections. My modem has no wifi by my request. I only bought this printer since I couldn’t find a printer without wifi with all the features I wanted and supported by linux.
I know this: I’ll never buy a wifi printer again. Somehow I’ll find a printer without wifi. This wifi is more trouble than useful. I need to remove the wifi card from my laptop too.
Where is a good article on how to take apart an HP printer? (mostly images)