HP secretly issues patches for a flaw found in its LaserJet printers.
Without informing its customers, HP fixed a security flaw which was identified in its LaserJet printers. Last year two security researchers from Columbia reported a potential risk which could have allowed hackers to damage HP LaserJet printers. The researchers informed that hackers could gain access to a computing device by deploying a malicious file using remote techniques. Furthermore, the study proved that HP LaserJet printers do not check the digital signature while installing an update.
Both the analysts said that an HP LaserJet printer looks for firmware updates whenever a print command is given. In this way, it is quite simple to install an unknown file on the user’s computer. Not only this, one can access the printer fuser to produce heat with the intention of launching fire on a computing device. But apparently, HP has fixed the flaw albeit without informing its customers.
In response, HP officials said that “The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade.”.
Although HP did consider the flaw as a serious threat, the officials disagreed on the latter half of the research. HP officials said that all their printers consist of a component to stop fire, so a firmware update installed on a computer cannot start fire. In order to fix the vulnerability, HP released a security patch. Instead of notifying the users, the updated firmware was installed automatically like before. Also, HP claimed that none of its customers encountered this issue.
Visit HP’s official site and scan for updated drivers for HP LaserJet printer.