Hewlett-Packard offers fix for printers susceptible to remote hacks

Dec 26, 2011 By Jeremy C. Owens

Hewlett-Packard released a firmware update Friday that it says will fix a susceptibility in some of the Palo Alto, Calif., company's popular LaserJet printers that researchers said could allow hackers to remotely take control of the devices.

Last month, MSNBC reported a team of researchers from Columbia University discovered that some Hewlett-Packard LaserJet printers, and possibly similar devices, did not verify software upgrades contained within so-called remote updates. The researchers were able to offer firmware updates that included and then take control of the printer.

Once the researchers were able to take control of printers, they were able to accomplish a host of potentially dangerous tasks. They said they could print a tax return while sending a copy to a hacker's , compromising a host of personal information; easily disable printers; and even command a printer to continuously heat up its ink-drying component until it started to set on fire.

Hewlett-Packard issued a statement after the report was released vehemently denying that printers could be commanded to burst into and saying "no customer has reported unauthorized access," but the company did admit there was a flaw.

"HP has identified a potential security vulnerability with some HP LaserJet printers ... if placed on a public Internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network," the statement read.

On Friday, HP issued a news release reiterating that no customers have reported unauthorized access to their LaserJet printers, and offered a firmware update that the company says will "mitigate this issue." The update is available at www.hp.com/support, in the "Drivers" category.

Researchers warned that if a hacker had gained control of a printer in this manner, however, there would be no way to reverse the process.

"If and when HP rolls out a fix, if a is already compromised, the fix would be completely ineffective. Once you own the firmware, you own it forever. That's why this problem is so serious, and so different," researcher Ang Cui said. "This is nothing like fixing a virus on your PC."

Hewlett-Packard recommends placing printers behind a firewall to protect exposure to remote hacks and disabling remote firmware upload capabilities on exposed printers.

Explore further: GoPro gets a little cheaper —and fancier —with new Hero4 camera

3 /5 (3 votes)
add to favorites email to friend print save as pdf

Related Stories

HP Launches New Enterprise Printers

Apr 12, 2007

The company adds to its printing portfolio with two new ink-based color multifunction printers, updated management tools and a universal print driver.

HP Expands with New Deskjet Printer Line

Apr 19, 2007

Hewlett-Packard will be adding on to its printing portfolio with three new deskjet printers designed for home and small and midsize business users.

Federal agency backs HP inkjet patent complaint

Jun 11, 2011

Hewlett-Packard said Friday that a US federal agency has backed its claim that rival MicroJet Technology Co. was infringing on patents for lucrative inkjet printer cartridges.

Recommended for you

China clears way for Apple iPhone 6 sales

3 hours ago

China has cleared the way for Apple to sell its latest iPhones in the key market by granting it a licence, the industry regulator said on Tuesday, after the US giant agreed to improve the security of users' ...

A Closer Look: Stream-box gaming is a mixed bag

18 hours ago

As gaming consoles such as the Xbox and the PlayStation diversify into video, social media and other non-gaming apps, it seems only fair that streaming TV devices start nudging into gaming territory.

Turkey's Erdogan dismisses new iPhone: 'Same as the last'

Sep 28, 2014

Turkish President Recep Tayyip Erdogan, known for his hostility to social networks and mobile technology, on Sunday brushed off the frenzy surrounding Apple's new iPhone 6, saying it was much the same as its iPhone 5 predecessor.

IT student seeks to help mitigate risks of Google Glass

Sep 26, 2014

As online data breaches continue to challenge companies' and consumers' trust in cybersecurity, UC information-technology major Marina Grebenshchikova is exploring the risks associated with ever-evolving ...

User comments : 0