Posted by Admin on Wednesday, Nov 30, 2011
HP Responds to Claims of Printer Vulnerability to Hackers & Potential Office Fires
Hewlett Packard Corporation has published an Official Statement to claims alleging security vulnerabilities by hackers with certain HP LaserJet Printers. This is in response to a controversial MSNBC Report.
The allegation contends that HP LaserJet Printers could be used to start a Fire in your Office if Hackers were able to disable certain safety protocols that are embedded in the firmware of the printer. This is the claim made by Columbia University Professor Salvatore Stolfo, the article states.
“Speculation regarding potential for devices to catch fire due to a firmware change is false. No customer has reported unauthorized access,” HP confirmed.
“[Our] LaserJet printers have a hardware element called a ‘thermal breaker’ that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability.”
HP’s acknowledgement of Professor Stolfo’s sited vulnerabilities were countered with their claim that certain HP LaserJet Printers could only be hacked if connected to the internet without the use of a firewall.
On a Protected or Private Network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network.
HP added “in some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade,” and “that it was coding a firmware upgrade to “mitigate” the issue and recommended users follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed devices”.
This time-lapsed image of a screen on an HP LaserJet shows the impact of a rogue print job used to reprogram the device.
Ready to Connect?
Fill out the form, stop by, or give us a ring!