December 1, 2011
HP has released an official statement in response to a recent report by MSNBC claiming that a security flaw in HP laser printers allows hackers to remotely reprogram with custom firmware and gain full control of your printer. Among possible threats is the option to continually heat a laser printer’s fuser until paper is set alight, MSNBC reported.
HP’s official statement debunks the possible of combustion, stating: “There has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP Laserjet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false.
“HP is building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted. In the meanwhile, HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”
University of Columbia researcher Ang Cul, who was part of a team who originally discovered the flaw, responded with the claim: “If and when HP rolls out a fix, if a printer is already compromised, the fix would be completely ineffective. Once you own the firmware, you own it forever. That’s why this problem is so serious, and so different. This is nothing like fixing a virus on your PC.”
However common firmware practice with electronic devices suggests this to be inaccurate, and commentators on Tech Spot have denied Cul’s assertion.
Categories : Products and Technology