A Month back Columbia University Researchers found millions of LaserJet Printers sold by HP since 1984 till now are vulnerable for hacking and they can be exploded via remote code execution, HP says they yet to have any reports from customers or organizations regarding unauthorized access to their printers and they made the firmware update available and HP recommends printers should be placed behind firewall and remote firmware updating should be disabled.
If a virus-crafted document sent to a printer can install the firmware update without verifying the digital signature that can heat the fuser and printer can get fire. Even print jobs can be send to printer via internet there is a possibility of triggering the firmware update remotely also. HP claims there is a hardware element called “Thermal Breaker” which prevents fuser from heating.
“HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP. HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers “ press release reads.
HP has yet to disclose which printer model are effected with this vulnerability, firmware update can be found at http://www.hp.com/support and HP also offers some security tips for printing and scanning which may be useful for you.
Please share this article