HP Officejet All-in-One: An unlikely spy tool

For discussions about security.
Post Reply
Message
Author
User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

HP Officejet All-in-One: An unlikely spy tool

#1 Post by Flash »

http://blogs.techrepublic.com.com/secur ... ag=nl.e036
As Officejet web pages are showing up on the Internet. Mr. Sutton came up with a clever way to find them. Since the web servers are facing the Internet, all that’s required is to run a search query for common phrases used on these particular web pages............

HP Officejet products by default are not password protected. So a vast majority of the devices I found were wide open. I could change any of the settings that I wanted to. Then if I wanted to be nasty, I could create an admin password, locking the respective users out of their own Officejet printer/scanner..............

The newer versions of HP Officejet products incorporate a feature called Webscan. This gives remote users the ability to initiate a scan and retrieve the scanned image........

As everything is web based, an enterprising but disgruntled employee could simply write a script to regularly run the scanner in the hopes of capturing an abandoned document. The URL used to send the web scanned documents to a remote browser is also completely predictable......
Actually I think most modern scanners and copiers save everything on an internal hard disk drive. If you could gain access to that drive through the browser, you'd have a copy of every document that had been put through the scanner.

What I want to know is, why did HP put the remote scan feature in? It makes no sense to me. Have you ever wished you could initiate a scan from a remote location? You'd have to remember to leave a document in the scanner. Why wouldn't you just go ahead and scan it and send the file to wherever, or put it on a flash drive and take it with you?

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#2 Post by PaulBx1 »

What I want to know is, why did HP put the remote scan feature in?
Mindless, creeping featuritis? Or maybe a request from the support group so they can remotely check the results of a scan that a customer is having problems with? Or maybe a bribe from the NSA?

We will never know.

Post Reply