MSNBC says that the research team first discovered the vulnerability using an HP LaserJet printer, but believe this problem extends to virtually any printer connected to the internet or linked to an internet-connected computer. Researchers claim the printer can be easily taken over and controlled by hackers if the printer if a user prints a document with a virus hidden within.
Printer security flaws have long been theorized, but the Columbia researchers say they’ve discovered the first-ever doorway into millions of printers worldwide. In one demonstration of an attack based on the flaw, Stolfo and fellow researcher Ang Cui showed how a hijacked computer could be given instructions that would continuously heat up the printer’s fuser — which is designed to dry the ink once it’s applied to paper — eventually causing the paper to turn brown and smoke.
In that demonstration, a thermal switch shut the printer down — basically, causing it to self-destruct — before a fire started, but the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc.
The researchers believe that its nearly impossible to rid an infected printer of malware once infected (short of taking out the embedded components entirely), and are making tech doomsday predictions that the entire world will have to throw their old printers out (which will almost certainly never happen). HP, for their part, says that these vulnerabilities are popping up on older printer models, and that newer devices have firmware with more stringent security measures built in. Maybe this is why they want webOS on their printers so bad. [MSNBC]
Image: photographer2222/Shutterstock
Paul
Wednesday, November 30, 2011 at 11:12 AM“A fake upgrade could easily be attached to a file sent over the internet, directly to a device”
Assuming you can find a HP printer with a public IP – who the hell gives their printer a public IP anyway?
Which is why no one worried about it back in 2000 when it was first discovered, and the file needs to be a PCL file as well which will not open on on it’s own. The file must be sent via Ftp to the printer directly, you can’t just open the file and select print.