Pre-2009 HP printers vulnerable to hackers, say researchers

Warwick Ashford

A security flaw found in, but not necessarily limited to, HP printers can be exploited by hackers to take full control of printer functions, according to researchers at Columbia University.

The researchers said pre-2009 HP printers have no built-in security and will automatically accept any firmware update from any source, according to US reports.

Initial reports by MSNBC said hackers could even set printers ablaze remotely, but HP has since issued a statement to refute the claim.

However, HP said it is “building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted”.

Until a firmware upgrade is available, HP recommends customers follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling the remote firmware upload option on exposed printers.

HP also highlighted the fact that all of its printers from 2009 onwards include digital signing to prevent this type of exploit, but the researchers said that still leaves tens of millions of devices vulnerable.

The security flaw on the pre-2009 machines allows hackers to send customised firmware to a printer that could enable them to render a user's printer useless, waste toner or overheat the device.

The researchers warned that once a printer is compromised, any update from HP will be useless, and said the same flaw could affect other printer makers, although this is yet to be tested.

