During Defcon 2018, security researchers from CheckPoint security demonstrated a new vulnerability that affects many of the Hewlett Packard (HP) printers. Using this vulnerability, an attacker only has to send a specially designed file to the HP printer and it will give the attacker not only the complete control of the printer but also that of the computers connected to that printer.
This vulnerability is being called Faxploit because the flaw is in the implementation of the fax modules of the printers. HP has released the firmware updates for all the affected printers and you should install these updates in order to secure your printers against the Faxploit attacks.
Since not all the HP printers are affected, the first thing every HP printer owner should do is to find whether your HP printer is affected by Faxploit. HP has published a big list of all the printers including their product names, product numbers and firmware revision numbers. If your HP printer is listed there, you need firmware upgrade. You can find HP Faxploit affected printers here: https://support.hp.com/in-en/document/c06097712.
HP has made downloading the firmware of HP products very easy. All you have to do is visit the HP software and driver page (https://support.hp.com/redirect/hub/s-002) and enter your printer’s product number or model number. In the page that opens up, you will find all the firmware versions released for the printer. You have to download the latest version of the firmware.
Installing the downloaded firmware is a task best performed by experts. If you have never done anything like this, you should ask help from experienced users or HP technicians. The process basically involves launching the downloaded firmware update installer. But before this ensure that your printer is ready and connected t your PC via the USB cable. Typically, you have to select a printer from the list of HP printers connected to your PC and then click on the “Update” button.
You can find more information about the Faxploit vulnerability at https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/.