Fax Vulnerability in HP Printers

 

 

Konica Minolta Responds To MFP Fax Security Vulnerabilities

 

The vulnerability of multifunction printers (MFPs) to hacking attempts to gain complete control over the printer via the Fax line was made public in August by researchers from Check Point Solutions Technologies. The research conducted was specific to HP Inket All-In-One printers.
 

The results showed that an attacker could gain control over the printer by using a crafted JPEG color payload, and subsequently infiltrate network devices connected to the printer.
 

Though this research targeted HP devices, the resulting report mentioned that similar vulnerabilities could exist in products from other fax vendors since the research covers the fax communication protocols in general.
 

As an outcome of this research, Konica Minolta investigated the possibility of its MFP products having similar vulnerabilities and risks. Upon careful review and examination, we determined that the vast majority of Konica Minolta MFP products have no such vulnerabilities and risks.
 

However, the investigation did uncover that the following models are vulnerable to a different fax security issue – one that is strictly related to color faxing:
 

  • bizhub 4422/3622
  • bizhub 4020/3320
 

Remedy

Disabling the “Enable Color Fax Receive” feature on a bizhub 4422/3622 or bizhub 4020/3320 device will block the ability to exploit this vulnerability. In the unlikely situation that color fax reception is required on these monochrome print devices, there is a firmware update available. Please consult with your authorized Konica Minolta Service representative for further details.
 

References

Listed below are links to the National Vulnerability Database if you would like more information regarding the reported issues discovered on the HP printers.
 

https://nvd.nist.gov/vuln/detail/CVE-2018-5924

https://nvd.nist.gov/vuln/detail/CVE-2018-5925
 

At Konica Minolta, we continue to monitor security trends and take appropriate action when necessary to help ensure the security of our devices.