HP solves printer vulnerability problem

Hewlett-Packard Company has issued a new firmware that according to the company solves the recently discovered security hole affecting certain HP printers.

This comes as a reaction to the discovery of Columbia University researchers that was made in November 2011. According to them they have discovered a new class of security flaws that allow hackers to control printers over the Internet. The amazing discovery even suggests hackers could actually cause physical damage to printers by heating their fusers to dangerous levels possibly causing a fire.

So far only HP LaserJet printers have been affected and more precisely models that allow firmware upgrades through a “Remote Firmware Update” process. Since printers do not verify the source and because firmware updates don’t come packed with a signature, anyone can send a virus-laden document to the printer which would instruct the printer to erase its current firmware and install a malware-laced version. Hackers can even do this on printers configured to accept print jobs via the Internet.

HP Logo

At first HP denied the problem by saying that its printers come with a hardware element that prevents the fuser from overheating or causing a fire and that this element cannot be overcome by a firmware change but later the US company released a firmware that solves the security issue. In addition the company also said that as of December 23, no customer reports of unauthorized access have been reported. “HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers,” HP said in a statement.

Users of affected LaserJet printers can visit HP’s web site and download the new firmware. Additional printer security information is available at www.hp.com/go/secureprinting.


Source: Tom’s Guide