A few months ago, due to a need from my partner, I started looking for a printer. Having not owned one at home for the last 15 years, I was pleasantly surprised to see that printers on e-commerce platforms had become much more affordable for the performance they offer compared to previous years. Following the idea of “Man is never satisfied,” I wanted a budget-friendly model that included a scanner, photocopying capabilities, Wi-Fi connectivity, and the ability to easily print from mobile devices. I eventually found HP’s DeskJet 3630 All-in-One printer and bought it for 200 Turkish Liras.
Despite my partner’s valid warnings of “don’t mess with it, you might break it!”, I decided to quickly check out this new device that would become part of my home’s local network. Using the HP Easy Start app, I was able to connect the printer to my Wi-Fi network in under five minutes by simply entering the password for my existing Wi-Fi, completing the setup quickly. During the process, there were no instructions on important security considerations, like setting a strong password for the management interface. However, the printer did support Wi-Fi Direct technology, enabling Wi-Fi devices to communicate with each other. According to the printer’s setup documentation, for enhanced security, it was recommended to change the Wi-Fi setting from automatic to manual, but no guidance was provided on how to do so.
When I pressed the Wireless and Information buttons on the printer, I discovered that the Wi-Fi Direct password was set to 12345678. The frustrating part was that it should have been much easier for users to change such a simple password during the setup process. As someone who enjoys experimenting with devices, I found myself wondering, “How could this default Wi-Fi Direct password be exploited?” and began looking for an answer.
Now, imagine that this printer and scanner is used frequently in areas with many office buildings, for example in subscriber centers processing population documents or in notary offices. Let’s say one of the tasks involves scanning documents like population papers received from customers. Could a malicious individual connect to the printer via Wi-Fi Direct using the default password, 12345678, and retrieve the image from a scan that had already completed? Fortunately, the answer is no, because the printer prevents the same image file from being downloaded again and likely deletes it from memory after the process is finished.
But what if this malicious individual were able to monitor the printer’s status through a web service and, as soon as a scanning process begins and finishes, trigger a new scan and download the resulting image? And what if they used a Python tool running on a Raspberry Pi to do this? In such a case, the situation could be quite different. While I haven’t worked on the Raspberry Pi side myself, I decided to quickly develop a small tool in Python, named HP Scanner Thief, to demonstrate how easily such misuse could happen and to raise awareness.
The core function of the HP Scanner Thief tool is to make a request to the /eSCL/ScannerStatus page to check the scanner’s status. If the JobUuid value differs from the previous one, the tool sends a request to initiate a scan through the /eSCL/ScanJobs page, then downloads the resulting document from the /eSCL/ScanJobs/[uuid]/NextDocument page.
Using the HP Scanner Thief tool, if a scan is performed and the scanned document is not physically retrieved from the printer within 20 seconds, the document can be digitally stolen. This highlights the critical importance of changing the default Wi-Fi Direct password to a strong one via the management interface!
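Seen from the defender's side, the behaviour described above leaves a recognisable request pattern: one client polls /eSCL/ScannerStatus repeatedly, then starts its own scan within the 20-second window right after a different client's download. The following is an added detection example, not part of the original post or of the HP Scanner Thief tool; the log record format, the addresses, the POST method for starting a scan and the min_polls threshold are assumptions.

```python
from datetime import datetime

# Constructed sample of requests seen at the printer: "time client method path".
# The record format and the addresses are assumptions made for this example.
SAMPLE_LOG = """\
2024-01-10T09:00:00 192.0.2.66 GET /eSCL/ScannerStatus
2024-01-10T09:00:05 192.0.2.66 GET /eSCL/ScannerStatus
2024-01-10T09:00:08 192.0.2.10 POST /eSCL/ScanJobs
2024-01-10T09:00:10 192.0.2.66 GET /eSCL/ScannerStatus
2024-01-10T09:00:20 192.0.2.10 GET /eSCL/ScanJobs/job-a/NextDocument
2024-01-10T09:00:25 192.0.2.66 GET /eSCL/ScannerStatus
2024-01-10T09:00:27 192.0.2.66 POST /eSCL/ScanJobs
2024-01-10T09:00:40 192.0.2.66 GET /eSCL/ScanJobs/job-b/NextDocument
2024-01-10T09:05:00 192.0.2.10 POST /eSCL/ScanJobs
2024-01-10T09:05:12 192.0.2.10 GET /eSCL/ScanJobs/job-c/NextDocument
"""

def parse(log):
    """Yield (timestamp, client, method, path) for each non-empty record."""
    for line in log.splitlines():
        if line.strip():
            ts, client, method, path = line.split()
            yield datetime.fromisoformat(ts), client, method, path

def find_follow_on_scans(log, window_s=20, min_polls=3):
    """Flag scans started by a status-polling client right after another
    client's download, inside the window the article mentions (20 s)."""
    polls = {}             # client -> number of ScannerStatus requests so far
    last_download = None   # (time, client) of the latest NextDocument fetch
    alerts = []
    for ts, client, method, path in parse(log):
        if path == "/eSCL/ScannerStatus":
            polls[client] = polls.get(client, 0) + 1
        elif path.startswith("/eSCL/ScanJobs/") and path.endswith("/NextDocument"):
            last_download = (ts, client)
        elif method == "POST" and path == "/eSCL/ScanJobs" and last_download:
            gap = (ts - last_download[0]).total_seconds()
            if (client != last_download[1] and gap <= window_s
                    and polls.get(client, 0) >= min_polls):
                alerts.append({"time": ts.isoformat(), "client": client,
                               "previous_client": last_download[1],
                               "gap_seconds": gap})
    return alerts

if __name__ == "__main__":
    for alert in find_follow_on_scans(SAMPLE_LOG):
        print(alert)
```

This is a heuristic: a legitimate client that polls status and scans directly after a colleague will also match, so alerts are a prompt to check which device owns the flagged address.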
The key takeaway from this text is that when purchasing devices today, we should assess them not only based on price and performance but also on security. After buying a device, it’s important not to rely solely on the manufacturer’s easy setup process. Instead, we should take steps to secure it by setting a strong password, disabling unnecessary services, and taking other precautions before integrating the device into our home or work network.