Posted by: Ken Harthun
hackers, HP, insecure, Vulnerabilities
There has been a furor today over some Columbia University researchers’ claims that certain HP printers can be compromised by hackers via “Remote Firmware Update” and made to overheat or catch fire. This article on redtape.msnbc.com is the first one I was aware of and leads with:
Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?
It’s not only possible, but likely, say researchers at Columbia University, who claim they’ve discovered a new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies.
You can read the article and decide for yourself it this is a real threat or just sensational journalism. My take is that I’m not going to worry about it unless it starts happening in the wild. Naturally, HP responded and while I’m no HP apologist, I tend to view their stance as justified. You can read HP’s statement which leads with:
Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false.
HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability.
While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access. The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall.
HP says it is working on a firmware upgrade to address the security vulnerability.