April 2, 2012
72 variants of LaserJet printers are at potential risk of unauthorised access.
Technology website PCMag has reported on an email currently distributed by HP warning printer owners of a flaw that could allow unauthorised access by hackers.
HP states that “a potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorised printer firmware”, although further information is not included.
The OEM notes that susceptible LaserJet printers may have unofficial firmware remotely installed if “on a Public Internet without a firewall, or for LaserJet devices in a private network, if a malicious effort is made by a party on the private network to modify the firmware of the device”.
Although the printer manufacturer recommends having the printer’s Remote Firmware Update capability disabled, a number of LaserJet printers will require a further update before this option is available.
Other printer model employ code verification software to ensure firmware updates are not malicious, although a number of LaserJet printers will yet require a further firmware update before this security measure can be implemented.
A list of susceptible products is available here, which lists 72 LaserJet printers as at risk from the unofficial firmware.
HP has suffered a number of security setbacks in recent months, as printer and MFP security becomes an increasingly prevalent consideration for owners and businesses. A class action suit was launched against the OEM when a flaw that may result in combustion was discovered by the University of Columbia, and security firm SophosLabs urges vigilance against an email claiming to originate from an HP OfficeJet printer that has been extensively circulating the internet.
Categories : Around the Industry