Hackers Now Likely to Set Your Printer on Fire from Afar, Researchers Warn
Hackers Now Likely to Set Your Printer on Fire from Afar, Researchers Warn
Posted 11/29/2011 at 10:39am
| by Paul Lilly
4
Comments
Print
Not only could a hacker from the opposite side of the globe take control of your printer and issue instructions that could ultimately set the thing on fire, but it's very likely to happen, along with a host of other misdeeds, and it's all thanks to a new class of computer security flaws that has the potential to wreak havoc with businesses, with consumers, and yes, government agencies too.
Researchers at Columbia University told MSNBC about the recently discovered security flaws that cyber crooks can use to remotely control computer printers over the Internet, even ones sitting behind an otherwise secure network. The flaw applies to Hewlett-Packard's LaserJet printer lines, and maybe other models as well. One of the things that's particularly alarming about this is that there's no way to tell if the flaw's been exploited.
There's no easy way to fix the vulnerability either, according to the team of researches who have been working in secret for several months in an electronics lab funded by government and industry grants. HP is aware of the team's findings of a "crystal clear" flaw that has to do with firmware. In a demonstration of how it works, researchers sent instructions to a printer that heated up its fuser -- that part that's supposed to dry ink after it's printed on paper -- until the paper turned brown and started to smoke. Scary stuff.
MSNBC's article goes into a lot more detail and is a bit long as a result, but worth the read here.
More like this
4
Comments
Comments are closed on this article
biggiebob12345
November 29, 2011 at 6:38pm
I do have a modern HP Laserjet (they're reliable as all hell....still have a working one from 1994). Someone at HP forgot that it isn't a good idea to let a user execute core system commands like only turning on the fuser. Calibration/Cleaning/Printing should all be self-contained functions that makes it so the user can ONLY print a document and do nothing else.
It would be interesting though if this is in the vein of an injection attack where you can "print" a certain document that breaks out of the printer firmware's print routine and executes commands.
aarcane
November 29, 2011 at 4:02pm
So I'm confused. How do these crackers connect to the printer THROUGH the firewall to connect to these printers to issue the commands? a LITTLE detail is a good thing here, MaxPC.
Markitzero
November 29, 2011 at 2:48pm
I have a OKI B4300 B/W Laser Printer, I have always turned off the Printer every time I am done or is that just me.
Vernak
November 29, 2011 at 11:29am
It is stories like this that make me afraid of cybernetic implants in the future. I'd rather not have the code in my Deus Ex arms compromised and instructed to eject from my shoulders while driving at high speeds.
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy1 day 14 hours ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj1 day 14 hours ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E3 days 11 hours ago
