If you’ve been in the market for a new printer for your home office recently, you know how advanced they’ve become. They are so full of functionality they are practically computers themselves.
According to a recent study by Columbia University researchers and reported by msnbc.com, they may lack sufficient security to keep hackers at bay. Millions could be vulnerable to attack, the report stated, which can put consumers, businesses and even the government at risk.
According to the report, flaws in printer firmware could allow hackers to remotely control them, from within a network over the Internet. Once reprogrammed, hackers can use printers to attack networks, steal personal information and even cause physical damage.
The report cites Hewlett-Packard LaserJet models as being particularly vulnerable. Columbia researchers Salvatore Stolfo and Ang Cui discovered the Hewlett-Packard LaserJet printers they tested allowed updates remotely. When the researchers tested printers by sending print jobs infected with malicious code, they learned the printers checked to see if a software update was included but didn’t discriminate the update’s source, nor was a digital signature required to verify the update’s authenticity. So a hacker could instruct a printer to erase its operating software and install a new version.
If a printer is configured to accept print jobs from the Internet, the threat is even more insidious because it can be done from anywhere. In a demonstration, Stolfo and Cui showed how infected code could instruct a printer to heat up its fuser until the paper inside turns brown and begins to smoke. The printer’s thermal switch automatically flipped and prevented a fire.
Anti-virus software isn’t capable of scanning or fixing a printer’s software that runs on embedded chips, the msnbc.com report stated. Tim Sander, Applied Systems‘ vice president of cloud services, said it’s best to not expose devices, no matter how safe they may seem, to a public network like the Internet. “Externally exposed devices should be carefully evaluated and controlled through firewalls and other protective measures,” he said. “The requirement to have them external should be reviewed regularly.”
Hewlett-Packard said this week they are still reviewing the details of the study but dispute the security issue is widespread. A company spokesperson said newer printers do require digital signatures with firmware upgrades and have so since 2009.
To read more about this issue, click here.
What kind of printers do you have in your office? Have you had any issues with your printer in which you suspect it was infected somehow? If so, how did you resolve them?
Join the conversation:




