UPDATED 17:26 EDT / NOVEMBER 29 2011

Hackers Setting HP Printers Ablaze: A Little Perspective

Electronics gone wild.  First it was iPhones exploding,  then there was a story about studies showing wifi-enabled laptops killing sperm, now there is a story that says hackers can set your HP printers on fire.  It really seems like electronic devices are bordering on dangerous, based on what we see in the news.

MSNBC reported earlier today that Columbia University researchers had discovered a security flaw in HP LaserJet printers where a hacker could send instructions to overheat printer components, possibly causing a fire.  Some 100 million LaserJet printers made before 2009 are subject to this reported vulnerability.  The vulnerability reportedly lies in automated software updates that take place at the printer.  Updates are reportedly not verified by digital certificate or signatures that would commonly authenticate the source of any software updates originating from HP.  Basically a hacker can easily intercept themselves into that process and install their own software update.  That update reportedly can be tweaked so that printer componentry can be actuated beyond their operational constraints, forcing an overheat condition, then reportedly the possibility of en fuego.

Let’s take a look at this, the bottom line is that there are hundreds of millions of such potentially confirmed hackable endpoints.  If confirmed it could mean way more than the chance of a few crispy printer rollers.  It could be a whole new vector for DDOS attacks for example, relay for spam, or any number of nefarious purposes.  The point is – forget about the chance of fire, this is a pretty serious issue that I suspect is not exclusive to HP printers at all.  Most organizations utilize some type of multifunction scan/email/print/fax or some combination type device.  Quite often due to desired functionality and a lack of proper security perspective, exceptions have been created in firewalls, or the device is allowed to relay email or use external naming systems.  It’s a painful reality of technology convenience, and a sore point (and vulnerability) for many organizations, and they may not even know it.

HP has subsequently acknowledged there is a security issue, but also report that there are no reports of any such issues.  HP also alluded to the existence of a thermal breaker element within such printers that would prevent such spontaneous ignition, therefore minimizing such physical risks.  Reportedly an upgrade to the firmware is being put together to fix the security issue.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU