Security researcher Chris Vickery has discovered that hackers can abuse HP LaserJet printers to host malicious files on their hard drives.
The famous security researcher Chris Vickery is known for discovering 191 million US voter registration records online. He is the same guy who found 3.3 million hacked Hello Kitty accounts. That's not all: he also found 13 million MacKeeper credentials on the Dark Web, and now he is in the news for exposing a very strange security flaw in HP LaserJet printers.
The researcher has revealed that HP LaserJet printers can be easily abused by hackers. Vickery identified that the hard drives of HP LaserJet printers can be used as secret data storage by cyber criminals because of a default setting that can set up an FTP server through port 9100.
This setting is found mostly in HP LaserJet's commercial (or business-grade) series printers, and it lets a company's employees host large data troves on the device during printing.
The files that are uploaded to the printer using this feature can usually be accessed at:
http://[Printer_IP_Address]/hp/device/[File_Name]
Upload and download operations on this anonymous FTP server are handled through port 9100.
If a system admin forgets to secure the equipment with a firewall, or if the device has a publicly accessible IP address, it is quite likely that a malicious actor could reach the device through port 9100 and use the printer as a secret storage device to store or even host malicious files. This is possible because such devices are placed on corporate networks.
Such files could be anything from illegal copyrighted material to malicious scripts. They can easily be saved to and accessed from the device without alerting the company or any of its employees.
It is also quite possible that the hacker's identity remains unknown, because the only hint of such activity is left in the network logs. However, not many system admins scan for traffic that moves in and out of the printer.
“This kind of printer is usually powered up and online twenty-four hours a day. Even in sleep mode, it will still host files. And who checks the contents of their printer’s hard drive? What are the odds of this hacker’s secret stash ever being discovered? Pretty low if you ask me.”
Moreover, Vickery suggests that the only way to keep the printer from facilitating cyber-crimes is to secure it with a firewall. Disabling the FTP storage when it is not being used may also help greatly.
When LaserJet and port 9100 were searched on Shodan (for which you need to log in first), it showed 20,000 exposed printers that were openly accessible right now. This means the issue is a grave one indeed.
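Since the article notes that network logs hold the only trace of this activity, here is one way to review flow records for suspicious printer traffic. This is an added example, not code from Vickery or HP; the printer inventory, trusted ranges, size threshold and CSV log layout are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumptions (not from the article): the printer inventory, trusted client
# ranges, size threshold and CSV flow-log layout are constructed for this example.
PRINTERS = {ipaddress.ip_address("10.20.0.15"), ipaddress.ip_address("10.20.0.16")}
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
RAW_PRINT_PORT = 9100              # port named in the article
WEB_PATH_PREFIX = "/hp/device/"    # path named in the article
MAX_JOB_BYTES = 50 * 1024 * 1024   # hypothetical ceiling for one print job

SAMPLE_LOG = """ts,src,dst,dport,bytes,http_path
2016-02-01T09:12:03,10.20.4.7,10.20.0.15,9100,184320,
2016-02-01T23:41:10,203.0.113.50,10.20.0.15,9100,734003200,
2016-02-02T00:05:44,198.51.100.9,10.20.0.15,80,5120,/hp/device/archive.bin
2016-02-02T08:30:00,10.20.7.2,10.20.0.16,80,2048,/hp/device/status.html
2016-02-02T10:00:00,10.20.9.9,10.20.0.16,9100,104857600,
2016-02-02T10:05:00,203.0.113.50,10.20.0.99,443,900,
"""

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_NETS)

def review_flows(log_text):
    """Return (timestamp, src, reason) for printer flows worth a second look."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if dst not in PRINTERS:
            continue  # only traffic destined for inventoried printers matters here
        port, size = int(row["dport"]), int(row["bytes"])
        if not is_trusted(src):
            if port == RAW_PRINT_PORT:
                findings.append((row["ts"], row["src"], "untrusted source on port 9100"))
            elif row["http_path"].startswith(WEB_PATH_PREFIX):
                findings.append((row["ts"], row["src"], "untrusted fetch from /hp/device/"))
        elif port == RAW_PRINT_PORT and size > MAX_JOB_BYTES:
            findings.append((row["ts"], row["src"], "oversized transfer on port 9100"))
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Any finding with an untrusted source also means the firewall rule the article recommends is missing or not working for that printer.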