Between the Lines

Larry Dignan, Andrew Nusca and Rachel King
Home / News & Blogs / Between the Lines

HP: Printer hack, fire stories are overblown

By | November 29, 2011, 3:02pm PST

Summary: HP called reports about printer hacks that could lead to fires “sensational and inaccurate.”

Hewlett-Packard moved to clarify reports of a potential printer hack that could lead to a fire.

Earlier Tuesday, reports surfaced about how Web-enabled LaserJet printers could be hacked and set up so they could catch on fire. MSNBC reported on research from Columbia University professor Salvatore Stolfo.

According to MSNBC:

Printers can be remotely controlled by computer criminals over the Internet, with the potential to steal personal information, attack otherwise secure networks and even cause physical damage, the researchers argue in a vulnerability warning first reported by msnbc.com. They say there’s no easy fix for the flaw they’ve identified in some Hewlett-Packard LaserJet printer lines – and perhaps on other firms’ printers, too – and there’s no way to tell if hackers have already exploited it.

The researchers, who have working quietly for months in an electronics lab under a series of government and industry grants, described the flaw in a private briefing for federal agencies two weeks ago. They told Hewlett-Packard about it last week.

Naturally, this story took off.

HP said in a statement:

Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false.

HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability.

While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access. The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade.

HP said it will deliver a firmware upgrade to plug the flaw. In the meantime, put your printer behind a firewall and disable remote firmware uploads on printers.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Between the Lines”

Topics

Hewlett-Packard Co., HP LaserJet, Firmware, Printers, Managed Print Services, Hardware, Peripherals, Larry Dignan

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic.

Disclosure

Larry Dignan

Larry Dignan has nothing to disclose. He doesn’t hold investments in the technology companies he covers.

Biography

Larry Dignan

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CNET News.com. Larry has covered the technology and financial services industry since 1995, publishing articles in WallStreetWeek.com, Inter@ctive Week, The New York Times, and Financial Planning magazine. He's a graduate of the Columbia School of Journalism and the University of Delaware.

For daily updates, follow Larry on Twitter.

3
Comments
Add Your Opinion

Join the conversation!

Just In

RE: HP: Printer hack, fire stories are overblown
Gisabun 30th Nov
@LadyGray : I see where your allegiance lies. Windows may be a bit buggier but it makes apps like iTunes and Chrome browser make it buggier. Isn't it Apple that releases a 600MB+ update every 2 months - filled with fixes? Most web interfaces are Linux based. So if a printer is vulnerable, it's a Linux OS issue.
View in thread
0 Votes
+ -
Ready, Aim, FIRE!
LadyGray 30th Nov
"In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade." Everyone knows this is wrong, because it is Windows that is a problem, not Linux or Mac . . . OK, just kidding, but I can't remember the last time that Windows wasn't on the top of the list for having a vulnerability. And it is mind-boggling to see how the regular media has been going hysterical over this.
0 Votes
+ -
RE: HP: Printer hack, fire stories are overblown
Gisabun 30th Nov
@LadyGray : I see where your allegiance lies. Windows may be a bit buggier but it makes apps like iTunes and Chrome browser make it buggier. Isn't it Apple that releases a 600MB+ update every 2 months - filled with fixes? Most web interfaces are Linux based. So if a printer is vulnerable, it's a Linux OS issue.
0 Votes
+ -
Jeez
Gisabun 30th Nov
If you are dumb enough to enable a printer on the Internet, maybe you should let the printer get hacked. I can think of very, very few reasons why you would want a printer visible on the Internet.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix