A security flaw found in, but not necessarily limited to, HP printers can be exploited by hackers to take full...
control of printer functions, according to researchers at Columbia University.
The researchers said no pre-2009 HP printers have built-in security and will automatically accept any firmware update from any source, according to US reports.
However, HP said it is “building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted”.
Until a firmware upgrade is available, HP recommends customers follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling the remote firmware upload option on exposed printers.
HP also highlighted the fact that all of its printers from 2009 onwards include digital signing to prevent this type of exploit, but the researchers said that still leaves tens of millions of devices vulnerable.
The security flaw on the pre-2009 machines allows hackers to send customised firmware to a printer that could enable them to render a user's printer useless, waste toner or overheat the device.
The researchers warned that once a printer is compromised, any update from HP will be useless, and said the same flaw could affect other printer makers although this is yet to be tested.