Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

HP LaserJet printers vulnerable to attacks, Columbia researchers warn

Company downplays danger threat, says fix is coming

Article comments

Millions of HP LaserJet printers contain a security weakness that could allow attackers to take control of the systems, steal data from them and issue commands that could cause the devices to overheat and catch fire.

Printers from other vendors likely have the same issue, leaving users of those devices exposed to similar threats, two reserachers from Columbia University said.

The security researchers findings was first published by MSNBC.com yesterday.

In response, HP played down the researchers' claims, labelling them "sensational and inaccurate".

"While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access," the company said.

It disputed media reports that the flaw would let hackers set LaserJet printers on fire and said that safety mechanisms built into the printers precluded that from happening.

The flaw in HP's LaserJet printers was discovered by Professor Salvatore Stolfo of the Computer Science Department at Columbia University's School of Engineering and Applied Science and fellow security researcher Ang Cui.

The vulnerability exists in the LaserJet printer's Remote Firmware Update process. Because of weak authentication measures, the printers can be fooled into accepting arbitrarily modified firmware by anyone with logical access to the device, Stolfo said in an interview.

The LaserJet printers that were tested do not require firmware updates to be digitally signed, allowing anyone to essentially instruct the printer to erase its existing operating software and overwrite it with a malicious one.

Attackers could gain total control of the printer and rewrite its software so that it would be impossible to reset it, he said. "It is a pretty bad security flaw," Stolfo said.

Stolfo said that he and Cui investigated three popular LaserJet models and discovered the same weakness in all three. The researchers have not disclosed the specific model numbers.

All that was required to compromise the printers was a maliciously crafted print job, either sent by someone with access to the printer or by someone remotely if the printer is connected directly to the internet, according to Stolfo.

The flaw allows attackers to steal documents from a compromised printer, or to use the device as a launch pad for attacking computers attached to it. The vulnerability also allows attackers to issue a command that could cause the printer's fuser, which is used to dry ink, to start heating up. Theoretically at least, that could cause the printing paper to catch fire.

According to Stolfo, during a demonstration, he was able to get the fuser on a LaserJet printer hot enough to cause the printer paper to brown and start smoking. But a safety mechanism built into the printer caused it to fail in a safe manner before it could catch on fire.

It is unclear whether the same sort of safety mechanism exists on printers from other vendors, he added.

Stolfo said that Cui and he discovered the LaserJet vulnerability when doing research on vulnerabilities in single-purpose embedded devices such as printers, routers, VoIP phones and digital thermostats. The two researchers plan to release a formal paper describing their findings after HP has had a chance to mitigate the issue, he said.

HP did not immediately respond to a request for comment. In its statement, HP said it is working on a firmware update for the issue.

"The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall," the company said. "In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network."

LaserJet printers in some Linux or Mac environments could be compromised by someone sending the device a corrupt print job, the company said.

"Speculation regarding potential for devices to catch fire due to a firmware change is false," HP noted. A hardware element known as a thermal breaker prevents LaserJet printers from overheating or causing a fire. "It cannot be overcome by a firmware change or this proposed vulnerability," HP said.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *