Certain models of HP combination printer and scanner devices contain a feature that could allow for corporate espionage, according to researchers at web security firm Zscaler.
The feature, called WebScan, allows a user to remotely trigger the scanning functionality and retrieve scanned images via a web browser. This capability could allow anyone on the local area network (LAN) to remotely connect to the scanner and retrieve documents that have been left behind on the scanner, Michael Sutton, vice president of security research at Zscaler, told SCMagazineUS.com
“This does present a fairly significant security issue,” Sutton said.
Zscaler researchers were able to discover numerous HP scanners that were exposed on the internet and were not password protected. As a result, the researchers were able to remotely retrieve a number of sensitive documents from the HP scanners, such as checks, legal documents, completed ballot forms, phone numbers and certificates.
Zscaler has released a script on its blog to help users determine if they have any HP scanners on their LAN. Users can help prevent the function from being abused by setting an admin password for their device, Sutton said.
More details :- http://www.scmagazineus.com/certain-hp-scanners-can-permit-snooping-and-spying/article/178164/
