"Security researchers say HP printers vulnerable to hackers"

Gene Wirchenko genew at ocis.net
Tue Nov 29 13:35:44 PST 2011

Woody Leonhard | InfoWorld, 29 Nov 2011
Flaw in HP's printer firmware update procedures could expose your
company's printers to hackers. Here are the steps you should take to
protect them

selected text:

MSNBC released an "exclusive" report quoting two Columbia University
researchers as saying that millions of HP printers are open to potentially
devastating online hacks. While the security holes appear to be very real,
there's a great deal of question about whether the attacks could ever be
implemented in a real-world situation -- and there are steps you can take at
your corporate firewall right now to mitigate the threat.

The fundamental problem stems from the way HP printers validate firmware
updates prior to applying them. Or more accurately, the way HP printers
don't bother to validate firmware updates prior to applying them.

The demo referenced in the MSNBC report involved an HP printer's fuser. The
altered firmware turned the fuser on and left it on, browning the paper and
throwing off smoke, before the printer's thermal interrupt kicked in.


More information about the cypherpunks-legacy mailing list