Millions of printers at risk of hacks, say researchers

Summary:Researchers at Columbia University have said they have uncovered a major security flaw in printers that could lead to data theft, vandalism or even a risk of fire.They say that the vulnerability, which involves rogue firmware updates that reprogram the printers and take control, could affect millions of devices already installed, that there is no easy fix, and no way to tell if it's already been exploited.

Researchers at Columbia University have said they have uncovered a major security flaw in printers that could lead to data theft, vandalism or even a risk of fire.

They say that the vulnerability, which involves rogue firmware updates that reprogram the printers and take control, could affect millions of devices already installed, that there is no easy fix, and no way to tell if it's already been exploited.

The problem, reported by msnbc.com, could affect printers on networks with internet connectivity, according to Columbia professor Salvatore Stolfo who led the research. In a demonstration referenced in the original report, one printer was hacked to overheat internal components, charring paper and creating smoke before the printer's hardware protection shut it down. Another demonstration caused a printer to send data from a printed document to another computer, which automatically extracted information.

Firmware updates are trusted, said the researchers, and do not have digital signatures guaranteeing their origin. Although HP said in response to the claims that only printers before 2009 lack this security feature, the researchers said they had bought one of the printers found to be vulnerable from an office supply store in September 2011.

Modern printers are basically computers which run complex embedded operating systems and have extensive networking and processing capabilities, but lack most if not all of the security features that networked PCs have evolved over the years.

Topics: Emerging Tech

About

Editor, ZDNet UK. Ex technology/technical editor of ZDNet UK, IT Week, PC Magazine, Computer Life, Mac User, Alfa Systems, Amstrad, Sinclair. Micronet 800, Marconi Space and Defence Systems, and a dodgy TV repair shop in the back streets of Plymouth. Can still swap out a gassy PL509 with the best of 'em.Dear Reader - contact me via our m... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.