Sign in / up

back to article HP sneaks out printer firebomb firmware security fix

HP has quietly patched a serious security vulnerability that had left its LaserJet printers open to attack by net villains. The security bug, first discovered by researchers at Columbia University, created a means for miscreants to install malware on vulnerable devices simply by uploading new firmware to them over a network or …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Stuart 22

    Disappointed

    My LaserJet 4L circa 1994/5 is not listed. No firmware update in 17 years. Did they get it right first time (HP was a proper computer company then), or was it all hardcoded?

    Good news is the price of 4L toners is going down. I can't even count the number of other printers I bought and scrapped in the meantime. Bargain!

    1 0
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Simple answer - no

      The simple answer is no - you are not technically safe as firmware updates are just "printed" to your printer over the network. I used to work for a competitor 1995-2000 and can confirm that this same issue is built into ALL the network printers of that era. There was not even a password confirmation required before a firmware update.

      We used to often discuss adding Network Sniffers to the firmware as we knew out kit was in military and government locations.

      Most printers are not connected to the internet, so you are usually safe. Even if a virus did get to your PC and start hunting for a printer, it would still have to exactly match the firmware. And that implies someone has reverse engineered that firmware Really, to do this properly, you would really need access to the firmware source code.

      There are many network connected devices that could suffer in a similar way.

      (I have avoided names here so hopefully this will get past the moderators)

      0 1
  2. Anonymous Coward
    Anonymous Coward

    How stupid

    Question: When was the last time a terrorist remotely set your printer on "melt-down" ???

    Answer: The next time will be the FIRST time.

    1 0
  3. Inachu
    Angel

    I beg to difffer!

    THe low tech way to blow up a HP printer is to buy those after market cartridges.

    Had a few that just spewed color ink all over on the inside.

    Sure its more expensive to stick with HP cartridges but at leat in 20 years not 1 HP cartridge has ever blow up on the inside.

    0 0
    1. Trygve Henriksen
      Reply Icon

      Unless Laser Toner is flammable and distributed in the air in the correct ratio to create a fuel-air explosion, I doubt that after market toners are that dangerous.

      They're a good way to produce shoddy prints, though.

      Being able to set the fuser to 'charbroil', though, and get it to stop with a paper in the middle... Now THAT should get you some attention...

      0 0
  4. Mako

    Anyone else reminded of this?

    http://en.wikipedia.org/wiki/Lp0_on_fire

    0 0
  5. Captain Scarlet

    So my printer won't burst into flames!

    Thank god for that, I was about to set off the fire alarm and run screaming from the office.

    PFU go update firmware NOWS!

    0 0
This topic is closed for new posts.

Other stories you might like