02-02-2017 11:13 PM
02-03-2017 01:37 AM
I have had the same hack. It occcurred during the night time hours and printed the same message on my HP Laserjet printer. It does not have WiFi, however I do have a static IP address and the printer is connected to my Apple wireless router by way of the USB port. So far 2 nights in a row, printed pages appear on my printer. First night it said that same innocuous message. The second sheet showed my IP Address follwed by :9100. The second night, it had no message; just my IP address again. Obviously someone is proving that they can hack through the IP address into the printer to print when all my computer equipment (except printer and router) are shut down.
02-03-2017 04:17 AM
I don't think this is related solely to HP printers as we have had this on a Bizhub printer.
We have had this incident on 3 seperate printers in our organisation in different branches and think it originates for another device on the network. It may be VPN related.
We are currently checking all the devices on the network for malware that has not been picked up by other other installed antivirus programs.
02-03-2017 04:35 AM
What needs to be done to prevent these print outs is the creation of firewall rules to limit traffic to the printers to own IP.
The printers affected probably all have NAT port forwarding rules set to pass jobs over port 9100 to a local printer. If you create a firewall rule to only allow traffic on this port from your ip then this should prevent any other parties sending print jobs to these printers.
Although could be wrong.
02-03-2017 04:37 AM - edited 02-03-2017 04:39 AM
Lookup port scans. Thats all this is. Your printer being wireless has nothing to do with it and your computer doesnt need to be on for it to happen. The short version, an "attacker" sends out packets and scans for an open port on your network, once an open port is found data is sent. If your router is on and your printer is on and in anyway attached, it can happen. Research your router security settings and see if there is a way to block incoming requests. It is in no way an HP issue and I would imagine, most if not all HP printers have no way to stop such "attacks". It is network related. Also, you can check your routers logs to see which port the attacks are coming through and if its not a port your regular systems use for printing, you can block them...in some security settings you can solely block requests from outside of your network. There are so many different routers with so many different configurations. There is no one set answer. You must research your setup for specifics on available options.
02-03-2017 08:23 AM
I found something on youtube https://www.youtube.com/watch?v=ojXpsazraFA and you'll also my post.
Basically, I need to set some security settings in my printer and test it again if this will resolve my problem.
Will keep you updated
02-03-2017 10:35 AM
You can set a password to prevent unauthorized users from remotely configuring the printer or viewing printer settings from the embedded web server (EWS). Once set, this password is required to change or view many printer settings from the EWS.
We have a document on security features for HP Enterprise products.
For consumer OfficeJet products, you may need to assign a password by going to:
Hope this helps.