Hackers can Make HP Printers Catch Fire!

Doomedspeed

Doomedspeed

Doomedspeed

Soldato
Joined
13 Oct 2011
Posts
11,881
Location
Melbourne, Australia
Researchers at Columbia University have investigated the security of HP network printers and have found them wanting. The basic problem is the complexity of the devices and the fact that the authenticity of firmware updates for these devices isn't checked by using a digital signature. MSNBC published an exclusive story, explaining how by using a hacked computer, the researchers could make their test printers do various nasties, such as continuously heat the fuser unit until the paper singed, at which point the printer shut off due to the built-in safety device, a thermal switch which cannot be overridden by software. They could also be programmed to spread viruses, which would be very dangerous, as these attacking printers would be within the firewall perimeter, allowing them unrestricted access to the soft underbelly of the network. And as the MSNBC article put it so well: "Few companies are prepared to protect themselves from an attack by their own printer." Quite, seems ridiculous at first sight, doesn't it? The researches focused on HP printers, which are by far the most popular brand out there, but say that there are similar vulnerabilities within all devices which employ embedded networked computers, leaving them wide open to attack, hence the industry should wake up to this threat and fix their systems before hackers start to exploit these for real. HP for their part, played down the overall threat and disagreed on several points made by the researchers. Also, the attacks were carried out using Linux and Mac computers and the suggestion seems to be that it's somehow harder to do with a Windows computer. There's a lot more detail at the MSNBC article and readers are encouraged to check it out.
Click to expand...

Thought i'd share this. :)
 
Also, the attacks were carried out using Linux and Mac computers and the suggestion seems to be that it's somehow harder to do with a Windows computer
Click to expand...

I think this is the funny bit of the story!


I was amazed when i read it too.. You'd of thought precautions would have been in place.
 
Nothing new, you can hack pretty much any device on a network nowdays.
Until the paper singed doesnt really imply its going to catch fire especially as it says it auto-shuts off after.
 
if the printer is sat on a WAN its going to already be behind the Firewall. If you have gone to all the trouble to hack a secure corporate network I am sure you'll be doing a lot more interesting things rather than singing some paper in a HP ?

If they are already at the firmware then you've got bigger problems already TBH
 
wildman said:
if the printer is sat on a WAN its going to already be behind the Firewall. If you have gone to all the trouble to hack a secure corporate network I am sure you'll be doing a lot more interesting things rather than singing some paper in a HP ?

If they are already at the firmware then you've got bigger problems already TBH
Click to expand...

Wrong, anyone can connect to it. Its on wireless devices as hpsetup. Obvs need password, but if they can singe paper they can get through a password.
 
It cannot be done due to thermal safeguards built into the printers. This was said by HP themselves when the story first broke.

It was done in a lab by uploading a new firmware to overwrite that protection, nothing which a hacker will have any access to anyway.
 
You must log in or register to reply here.
Back
Top Bottom