Is that smoke coming from your HP LaserJet printer? If you believe a group of researchers from Colombia University it could happen and it may not only be smoke escaping. The researchers discovered some HP printers are not all that discriminating when it comes to the updates they allow to their firmware. Firmware is a fixed, usually small, program that internally controls a device like a printer.
The researchers were able to take advantage of the remote firmware update feature of the printers and load malicious software allowing them to then take control. What can someone do once they have control of your printer? The researchers were able to send copies of items being printed to remote computers, disable the printer and even continuously heat up its ink-drying component until it started to catch fire. HP denies the “catch fire” part but not the “ send your private info all over the world” part.
HP released a number of firmware updates which require patches be digitally signed by HP so not just any old “researcher” can send updates. Unfortunately, HP has not released a list of the printers needing this fix, stating it will be “communicating this proactively to customers and partners”, whatever that means.
We cross referenced all the printers in the offices for which we provide security monitoring services and found these to have Firmware patches released on the 23rd: HP Color LaserJet CP4020 and HP Color LaserJet CP1510.
If you have these printers be sure to get the firmware updated from here: http://www8.hp.com/us/en/support-drivers.html
Also, it is imperative your printer be on the “clean” side of your firewall to insure not just anyone can try and push it updates. If you are unsure of this or have no clue as to what this means, have it verified by an IT/Security professional.
Sources: TheHackerNews.com and MercuryNews.com