HP Printer Bloatware & Wifi Security
After experiencing each of the major printer brands, I quite liked HP for their quality and reliability. A short while back, I was on the prowl for a new printer and happened to come across a couple of wireless printers. Being a geek, I immediately knew this was some tech that I definitely needed in my life…
Being an HP fan-boi, I eventually chose a printer from the HP PhotoSmart series … after I had performed sufficient research on all the ‘final’ candidates. Skip forward a couple of months and it was time for the “Great Re-deployment and Re-securing” initiative, or what I like to call it … OMG-Reformat-Alles!
The systems are re-installed and reconfigured from scratch, with any new/improved security measures deployed as well.
Anything that is taken across from the previous system is carefully inspected, and rarely includes any binary/executable content.
Why do I do this? Well, it’s simply part of my belief that you need to secure your systems as if they have already been compromised.
So, all systems were completed but now I had to reconfigure the HP wireless printer to connect to my new wifi network along with a newer/longer key.
At this point, since my printer lacked any wired interface, I only had two choices: either I installed HP bloatware onto my wife’s system and then configure the printer through a USB connection; or I configure the printer over wifi.
Being a geek, I chose the latter.
Since my previous wifi network was already decommissioned, the printer was not accessible through it.
Following some guidance from the great Google, I attempted to switch the printer into ad-hoc wireless mode.
In this mode, the printer should be accessible through an ad-hoc network named hpsetup
.
Boi, I didn’t expect the heartache that was coming!
The printer’s tiny screen display is crap for anything but scanning/coping/office-functions.
Furthermore, it’s a maze of options where I would sometimes find myself being directed to menu A from an option in menu D.
Fortunately, I managed to re-enable the printer’s wifi with default settings.
Unfortunately, the ad-hoc hpsetup
network was nowhere to be found.
After much debugging and printing-out-of-printer-settings, I realised that the printer (for some super-arb reason) was attempting to connect to a wifi AP named something like Sigma-blah-foo-blah-EOL
.
Incidentally, I decided to use this Sigma
name for the WPA practicals that I created for the new SensePost Wireless Hacking course.
At this point, I could connect to the printer by running an open network named Sigma-blah-woteva-foo-EOL
but I still had to get my WPA2 settings onto the printer so that it could connect to my primary network.
This was accomplished, through the printer’s web interface, as follows:
- Over the open network, transfer credentials for a WEP network. Reboot printer.
- Over the WEP network, transfer credentials for a WPA2 network. Reboot printer.
- Over the WPA2 network, transfer credentials for a 2nd WPA2 network. Reboot printer.
- Over the 2nd WPA2 network, transfer credentials for the primary wifi network. Reboot printer.
At this point, the HP printer was finally on my primary wifi network.
Discussing this with some colleagues, there were a few that felt my actions were a bit extreme and simply displayed my paranoia. Reflecting on my actions personally, I believed that I took a shortcut by simply using a WEP-WPA2-WPA2 combination even though all chosen keys were helluva-long.
Why? Well, simply put … each AP with improved security was actually compromised by the previous less-secure AP. Credentials for the WEP network were sent over the open network, while credentials for the first WPA network were sent over the WEP network etc. Using this knowledge, any attacker could simply decrypt traffic for AP(x) by locating its key within the AP(x-1) traffic.
I hardly believe that my actions have compromised my network in any manner simply because: firstly, I performed the conversion during the early hours of a weekday morning; and secondly, I monitored my AP network closely throughout the process. Anyway, I have a number of defense-in-depth tricks waiting for unsuspecting intruders 😈
Your Thunks
If you were going to configure your wireless printer (that doesn’t have a wired interface) to connect to your wifi network, then how would you securely transfer the keys? Would you use shorter/similar/longer approach?
Personally, I think next time I will leave the older network up a bit longer so that I can configure the printer over an existing secure wireless network 😉