HP: Hackers Can’t set Printers on Fire

Thursday, December 1, 2011 @ 08:12 PM gHale

Not so fast says Hewlett Packard. That was the computer industry giant’s reaction after researchers showed a series of attack methods that rely on vulnerabilities found in HP LaserJet printers that could potentially lead to the printer catching fire.

So far, the company said no customers reported anything that would indicate a device catching on fire as a result of a malevolent software update.

HP was reacting to a report from two Columbia University researchers that said there is a vulnerability in HP LaserJet printers that could allow a hacker to remotely control it to launch cyber attacks, steal information that’s being printed and even instruct its mechanical components to overload until the device catches on fire.

FBI: Hackers Hit Cities Via SCADA
Hackers can Set Printer on Fire
Feds: No Cyber Intrusion at IL Water Plant
NJ Water Plant Victim of ‘Terrorism’

The flaw not only affects HP printers, but also other devices utilized by millions of individuals and companies that considered them safe, said Columbia researchers Ang Cui and Salvatore Stolfo.

“HP LaserJet printers have a hardware element called a ‘thermal breaker’ that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability,” HP said in a statement.

On the other hand, the company said some of the vulnerabilities that could allow unauthorized access may be plausible, but the attack only works on machines placed in a public network that doesn’t benefit from a firewall.

“In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade,” the statement adds.

While HP keeps stating the attacks would only work on Mac and Linux systems, printers connected to Windows devices not being susceptible to an attack, in reality, a Windows-running machine could always be fitted with a Linux partition from where the attack could take place.

One Response to “HP: Hackers Can’t set Printers on Fire”

  1. chrisr224 says:

    Fiction so easily believed and becomes dangerous fact!

    In Sept 2011 my beautiful house in New Zealand was burnt down whilst we were 300Km away!
    The investigation found nothing to explain it, no accelerants, trigger device or other arson indicators but Insurance company doesn’t like the $2.5M claim!

    Three weeks ago I was arrested! Charged because they claim I used remote access computer software installed on my laptop computer to remotely access a printer located at the insured property, which had been set up so as to be an ignition device when the printer was activated. Once ignition occurred, the fire spread throughout the house.

    Now, I’m a 63 yo seriously ill retired man, admittedly with a lot of micro experience but not current in any way!
    I had two Brother inkjet printers, identical but one was the wireless model.
    It is clearly impossible to do anything to an inkjet to make it into an ignition device! Problem is proving it!
    I wrote to Prof Stolfo at Columbia who published the research that obviously triggered this claim, HP and Brother but no replies at all!

    I face a long jail term and the insurance company will walk away free all due to a myth being accepted as reality!

Leave a Reply

You must be logged in to post a comment.