Is your HP printer a potential fireball?
Seems like the gadget that has been printing all your resumes, favorite song lyrics, and precious office presentations all this time has something sinister up its sleeve. A major security flaw in HP’s LaserJet printers can possibly let miscreants spy on all your confidential print jobs and even set your printer on fire. This sounds chillingly frightening but researchers say that it’s possible.
Researchers from Columbia University’s School of Engineering and Applied Science have come across a bug that can be applied to steal your personal documents and even heat up the printer and set it on fire. Professor Salvatore J. Stolfo and Ph.D. student Ang Cui found that the HP LaserJet 2055Dn printer integrates any firmware update without checking the authenticity of the firmware. This can be potentially dangerous as the firmware is not digitally signed as authentic HP firmware and miscreants can replace the printer’s OS. Attacks can take place even if your printer is not connected to the Internet, as long as it is connected to any computer.
The way this entire thing works reflects the gaping hole in HP’s security architecture for their printers. LaserJet printers from HP do allow firmware upgrades, and every time there is a print job, it checks for software updates. But that’s the fatal flaw, since the printers accept any unsigned firmware, immediately erases its existing software to install any potentially dangerous version. The situation is so volatile that this can make thousands of HP printers vulnerable, though the company counters this. However, they maintain that there is a “potential security vulnerability with their printers” if hooked up to public computers without any firewall. But what’s more scary is that besides stealing confidential documents, hackers can send continuous commands to the printer, overheat it, and set it on fire! Now that can be really scorching for someone who just wanted a few printouts at the end of the day.
Image by Windell Oskay
Content syndicated from wireframe.iyogi.com