HP has been forced to address a potential security flaw in its LaserJet printers highlighted by Columbia University researchers, but has hit back at claims that the vulnerability could allow hackers to set the machines on fire remotely.
The research findings were revealed in an MSNBC.com story on Tuesday, which claimed that poor authentication allowed the device's Remote Firmware Update to be compromised, letting hackers take remote control of LaserJet printers.
This in turn could allow hackers to disable machines, set them on fire by heating up the printer's fuser, or use the device as a beachhead to attack the corporate network, the report said.
HP did admit that there is a problem, but criticised MSNBC.com for "sensational and inaccurate reporting", arguing that the LaserJet printers have a "thermal breaker" designed to prevent the fuser from overheating.
Accelerated image showing remote reprogramming of an HP LaserJet printer. Photo: Columbia University
"While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorised access. The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall," the firm said in a statement.
"In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade."
Rik Ferguson, EMEA director of research at Trend Micro, told V3 that security concerns have long affected printers, which have always represented a "juicy target" because their hard drives are likely to contain a healthy chunk of sensitive information.
"As far as the recent vulnerability is concerned, it centres around these devices accepting firmware updates without requiring a digital signature for the file," he added.
"As firmware is responsible for the basic functionality of a device, if you can compromise it then you can control many aspects of how that device functions and/or gain inappropriate levels of access."