During a privately funded research by SophosLabs, experts have zeroed in on the loophole created by the toolbox software for HP Laserjet 2500 and 4600. Sophos expertise in virus, spyware and spam analysis to help organisations overcome security limitations on their network.
The identified security risk rests with the toolbox software distributed with the Laserjet 2500 and 4600 printers. The bug in the tool allows hackers to steal information from the never suspecting user’s system. The toolbox uses web interface to access printer options like status, troubleshooting tips, demos and alerts.
“A vulnerability like this opens the door for hackers to spy upon your sensitive information. Not protecting yourself against this problem is like leaving your front door open when you pop down the shops, and expecting to find no-one has stolen your belongings,” said Graham Cluley, senior technology consultant at Sophos. “Users who are running the affected software should upgrade as soon as possible, and everyone should make sure they are fully informed of the latest security notifications.”
Sophos and HP have urged users who are presently using the affected toolbox to upgrade to the latest version. HP needs to ensure that its future and current toolboxes are tested extensively for security limitations and inform customers accordingly.