(KTSF by Ricky Chan and excerpt from HP News Release)
Researchers at Columbia University claim to have discovered security flaws in printers that could affect millions of users.
According to MSNBC.com, the researchers say the flaws are found in some Hewlett Packard (HP) LaserJet printers, and that hackers can take advantage of them to remotely control the printers and potentially steal users' personal information.
The researchers created a firmware update for the printer that exploited the vulnerability of the printer’s fuser (the heater that bonds toner to paper), causing the machine to overheat and potentially catch fire. In their demo, however, a thermal switch shut the printer down before a fire could start.
HP, in a statement, says all its printers include such thermal switches, which would prevent a printer fire in all cases. The company also says that the claim that devices could catch fire due to a firmware change is false, and that it has not received any report from users of unauthorized access to their printers. The statement reads: “While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access. The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade. HP is building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted. In the meantime, HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”
(Copyright 2011 KTSF and HP News Release. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)