HP Lists Vulnerable ‘Fire’ Printers

Wednesday, December 7, 2011 @ 01:12 PM gHale


While Hewlett-Packard still denies their printers can be set on fire via a remote attack, they did publish a list of devices that suffer from a “potential security vulnerability.”

“A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware,” said the security bulletin issued by HP.

RELATED STORIES
HP: Hackers Can’t set Printers on Fire
FBI: Hackers Hit Cities Via SCADA
Hackers can Set Printer on Fire
Feds: No Cyber Intrusion at IL Water Plant
NJ Water Plant Victim of ‘Terrorism’

Two Columbia University researchers said there is a vulnerability in HP LaserJet printers that could allow a hacker to remotely control it to launch cyber attacks, steal information being printed and even instruct its mechanical components to overload until the device catches on fire.

The flaw not only affects HP printers, but also other devices utilized by millions of individuals and companies that considered them safe, said Columbia researchers Ang Cui and Salvatore Stolfo.

HP LaserJet Enterprise 500 color M551, HP LaserJet Enterprise 600 M602, HP LaserJet M3035, HP Color LaserJet CP4005, HP LaserJet P4515 and HP LaserJet Enterprise M4555 MFP are just a few of the models out of the 40 listed by the company.

Users that purchased HP LaserJet models manufactured before 2009, may be susceptible to the attack.

Until HP finds a fix for the problem, the company published an advisory so customers can learn how to secure their devices against a potential unauthorized access.

Since the Remote Firmware Update (RFU) is default enabled, an update can go remotely to port 9100 without authentication, which could allow for someone to alter the machine’s firmware. Users should disable the Printer Firmware Update and consult the paper called “HP Imaging and Printing Security Best Practices.”

“HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action,” reads the advisory.



Leave a Reply

You must be logged in to post a comment.