HP printers can be remotely controlled and set on fire, researchers claim

[Arthur]

I wonder how many schools have HP laser printers which would be affected by this flaw?

Source: arstechnica.com/business/news/2011/11/hp-printers-can-be-remotely-controlled-and-set-on-fire-researchers-claim.ars

Security researchers at Columbia University have accused HP of selling printers with a flaw that could let hackers gain remote control over the devices. Once compromised, the access can be used to steal personal information, attack networks, and even set printers on fire by feeding them a continuous stream of instructions designed to heat them up.

The researchers, funded by government and industry grants, reported the flaw to federal officials and HP this month, and gave a demonstration to MSNBC, which has an extensive article on the subject today. HP told MSNBC that it is reviewing the details, but denied that the problem is as extensive as claimed by Columbia PhD student Ang Cui and Professor Salvatore Stolfo.

[pete]

I think I'll wait until I see evidence that points to something more than yet another "hey, printers in their default as-shipped config are vulnerable to $whatever" story.

[SYNACK]

Thats the thing with hp, they build in all the extras, fire starter, packet sniffer, offsite data backup. You just don't get that with other printer vendors

[Arthur]

Yeah. The headline is very sensationalist (like most are these days). It will be interesting to see how easy/difficult it is to do.

[sted]

Thats the thing with hp, they build in all the extras, fire starter, packet sniffer, offsite data backup. You just don't get that with other printer vendors

Or as with viruses windows vs mac there are so many hp printers out there its worth spending more time investigating than say oki

[sted]

Yeah. The headline is very sensationalist (like most are these days). It will be interesting to see how easy/difficult it is to do.

I did actually once mess round with google and send some random silly prints to some random hp printers dont even know what country they were in

[Michael]

I think the odds of actually achieving this in a real situation, getting around firewalls and the fact you can password printers... I'm not worried about it.

If they can do what they claim, they'd publish a video at least. I can't say I've ever seen an exploding printer

[Arthur]

HP have posted firmware updates for most of their LaserJet printers to fix this vulnerability. I was looking forward to seeing one on fire.

HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP. HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.

The firmware update can be found at www.hp.com/support and selecting Drivers.

Additional printer security information is available at www.hp.com/go/secureprinting. (Source)

[SYNACK]

I was looking forward to seeing one on fire.

It would have made my Christmas

[DaveP]