TechTarget

Pre-2009 HP printers vulnerable to hackers, say researchers

A security flaw found in, but not necessarily limited to, HP printers can be exploited by hackers to take full control of printer functions, according to researchers at Columbia University.

This Article Covers

Printers

A security flaw found in, but not necessarily limited to, HP printers can be exploited by hackers to take full control of printer functions, according to researchers at Columbia University.

The researchers said no pre-2009 HP printers have built-in security and will automatically accept any firmware update from any source, according to US reports.   

Initial reports by MSNBC said hackers could even set printers ablaze remotely, but HP has since issued a statement to refute the claim.

However, HP said it is “building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted”.

Until a firmware upgrade is available, HP recommends customers follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling the remote firmware upload option on exposed printers.

HP also highlighted the fact that all of its printers from 2009 onwards include digital signing to prevent this type of exploit, but the researchers said that still leaves tens of millions of devices vulnerable.

The security flaw on the pre-2009 machines allows hackers to send customised firmware to a printer that could enable them to render a user's printer useless, waste toner or overheat the device.

The researchers warned that once a printer is compromised, any update from HP will be useless, and said the same flaw could affect other printer makers although this is yet to be tested.


Photo: Thinkstock

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close