A Vulnerability in Millions of LaserJet printers allows remote hacker to install/execute malicious firmware , discovered by Researchers At Columbia University. They discovered this vulnerability in HP Lasterjet printers, perhaps on other firms’ printers, too.
Interestingly , an attacker can make physical damage to victims' printer remotely using this vulnerability. Unfortunately, there is no easy fix for this vulnerability and there's no way to tell if hackers have already exploited it.
The researcher reported to HP( Hewlett-Packard) about this security flaw last week. HP said Monday that it is still reviewing details of the vulnerability, and is unable to confirm or deny many of the researchers’ claims, but generally disputes the researchers’ characterization of the flaw as widespread.
Keith Moore, chief technologist for HP's printer division, said the firm "takes this very seriously,” but his initial research suggests the likelihood that the vulnerability can be exploited in the real world is low in most cases.
“Until we verify the security issue, it is difficult to comment,” he said, adding that the firm cannot say yet what printer models are impacted.
But the Columbia researchers say the security vulnerability is so fundamental that it may impact tens of millions of printers and other hardware that use hard-to-update “firmware” that’s flawed.
"Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?"
Interestingly , an attacker can make physical damage to victims' printer remotely using this vulnerability. Unfortunately, there is no easy fix for this vulnerability and there's no way to tell if hackers have already exploited it.
The researcher reported to HP( Hewlett-Packard) about this security flaw last week. HP said Monday that it is still reviewing details of the vulnerability, and is unable to confirm or deny many of the researchers’ claims, but generally disputes the researchers’ characterization of the flaw as widespread.
Keith Moore, chief technologist for HP's printer division, said the firm "takes this very seriously,” but his initial research suggests the likelihood that the vulnerability can be exploited in the real world is low in most cases.
“Until we verify the security issue, it is difficult to comment,” he said, adding that the firm cannot say yet what printer models are impacted.
Columbia researcher Ang Cui explains how he was able to infect an HP printer with malicious code. |
But the Columbia researchers say the security vulnerability is so fundamental that it may impact tens of millions of printers and other hardware that use hard-to-update “firmware” that’s flawed.