Hackers can Set Printer on Fire

Wednesday, November 30, 2011 @ 10:11 AM gHale


There is a vulnerability in HP LaserJet printers that could allow a hacker to remotely control it to launch cyber attacks, steal information that’s being printed and even instruct its mechanical components to overload until the device catches on fire.

The flaw not only affects HP printers, but also other devices utilized by millions of individuals and companies that considered them safe, said Columbia University researchers Ang Cui and Salvatore Stolfo.

RELATED STORIES

Google+ Attempts Tighter Security

Kit Exploits Non Updated Java Hole
Putting BEAST into Context
Mitsubishi Heavy Data Transfer
Mitsubishi Heavy Hack: Nuclear Info

In one of the cases of the HP printers which they thoroughly tested, researchers relied on the fact that users do not check remote software updates for signatures or ccertificates when they get them installed, but this wasn’t the only issue.

In another demonstration, by sending the device a specially crafted print job, they were able to inject a code that would automatically scan printed documents for sensitive information, transmitting the sensitive data to a Twitter feed.

They showed an infected computer could instruct the printer’s fuser, the one used to dry off the paper, to continuously heat up until the device self-destructs or, if it lacks a fuse, to set itself on fire.

Even more worryingly, during the tests they also proved that a hijacked printer could act as a gate-opener for a full-effect attack on a company network. They even made a demo from computers running Mac and Linux operating systems.

“Printers have been a weak spot for many corporate networks. Many people don’t realize that a printer is just another computer on a network with exactly the same problems and, if compromised, the same impact,” said F-Secure’s Mikko Hypponen.

HP said the situation might not be all that disastrous, claiming their newer models do check for a signature while performing firmware updates. However, they’re currently investigating the issue to determine exactly who this issue will affect and what they can do about it.

Even though later printer models should be more secure, the researchers said one of the printers used in their tests was fairly new.



Leave a Reply

You must be logged in to post a comment.