Hot printer you’ve got there.

Is that smoke coming from your HP LaserJet printer? If you believe a group of researchers from Colombia University it could happen and it may not only be smoke escaping. The researchers discovered some HP printers are not all that discriminating when it comes to the updates they allow to their firmware. Firmware is a fixed, usually small, program that internally controls a device like a printer.

The researchers were able to take advantage of the remote firmware update feature of the printers and load malicious software allowing them to then take control. What can someone do once they have control of your printer? The researchers were able to send copies of items being printed to remote computers, disable the printer and even continuously heat up its ink-drying component until it started to catch fire. HP denies the “catch fire” part but not the “ send your private info all over the world” part.

HP released a number of firmware updates which require patches be digitally signed by HP so not just any old “researcher” can send updates. Unfortunately, HP has not released a list of the printers needing this fix, stating it will be “communicating this proactively to customers and partners”, whatever that means.

We cross referenced all the printers in the offices for which we provide security monitoring services and found these to have Firmware patches released on the 23rd: HP Color LaserJet CP4020 and HP Color LaserJet CP1510.

If you have these printers be sure to get the firmware updated from here: http://www8.hp.com/us/en/support-drivers.html

Also, it is imperative your printer be on the “clean” side of your firewall to insure not just anyone can try and push it updates. If you are unsure of this or have no clue as to what this means, have it verified by an IT/Security professional.

Sources: TheHackerNews.com and MercuryNews.com

Advertisements

About securitysnapshot

Security Snapshot LLC is a computer and information security company helping concerned business owners protect their reputation and their client's private and personal information.
This entry was posted in Small Business Security Tips, Software Patches. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s