Delmarva Document Solutions
> Cambridge
> Salisbury
> Elkton

New Study Shows HP Printers Vulnerable to Attack!!!

Submitted by Jennifer Atchison on Tue, 12/06/2011 - 13:46

An MSNBC blog has published the recent findings of a study from Columbia University saying millions of HP printers are vulnerable to a "devastating hack attack". In essence, the vulnerability is that the LaserJet (InkJet not vulnerable) printers made before 2009 (according to HP) do not check digital signatures before installing a firmware update. Thus, a specially crafted version of firmware could be remotely installed by creating a crafted printjob including the new firmware version. The researchers demonstrated overheating a fuser to simulate what kind of physical destruction could incur (it charred the paper but was shut off by a safety before a fire started). Long story short, for an embedded system (or any system for that matter) if you can rewrite the Operating System you can control the device and make it do all sorts of unintended things.

This isn't the first time HP LaserJet printers have had vulnerabilities, though this is the first time (that I recall at least) of using the firmware to do it. I think the severity of this vector is worth noting, particularly for organizations that operate highly secure environments.

The study is a helpful reminder that even devices we don't think of as computers can be hacked and do things we don't intend and compromise our security.

With Xerox's enhanced security features, this type if intrusion would not be possible on our Multifunction Units. For more information on our security features, please check out: http://www.xerox.com/information-security/product-security/enus.html

The MSNBC Report:

http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say