updated 11:50 am EST, Tue November 29, 2011
University finds HP network printer security flaw
Researchers at Columbia University have allegedly found a hack in HP LaserJet printers that can affect network security and destroy the affected printers, MSNBC said. Printers other than HP's could be affected and there is no simple workaround for the issue. The researchers found the flaw after months of work in a lab, briefed federal agencies two weeks ago, and informed HP about it last week.
As of Monday, HP said it was reviewing the findings and is yet to confirm or deny the claims. HP printer division chief technologist Keith Moore believes the possibility of exploiting the alleged flaw in the real world is very low. Exactly which models are affected also can't yet be said for sure.
The researchers said the flaw can be applied to all printers and other hardware that rely on firmware updates and are connected to the Internet.
The Computer Science Department of Columbia University's School of Engineering and Applied Science research team, headed up by Columbia professor Salvatore Stolfo, demonstrated the potential damaging effects of the hack. A printer's fuser, normally used to dry ink, could be told to heat up continuously and case the paper to turn brown and smoke. Some printers without a failsafe thermal switch could catch fire, they concluded.
No current antivirus software could detect a virus sent to these printers. Physically pulling the computer chips from the printer and testing them is the only way.
HP said the team only tested and hacked HP printers older than 2009, as the newer ones require digitally signed firmware upgrades which aren't susceptible to these attacks. Also, HP said its inkjet printers aren't affected because they generally don't allow firmware updates.
A fix from HP to an already infected printer won't be effective, the team said, as firmware is owned forever once placed into the hardware. This is what makes the problem serious and different from fixing viruses on the PC, they said.
Also, other gadgets that connect to the web, such as DVD players, telephone conference tools and home appliances, are susceptible to hacker attacks and have no security against them.