HP LaserJet Printers Have Serious Security Flaws Said Columbia University Researchers

Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer.
Attacks can be carried out from different vectors. Printers that support a remote firmware update process could allow attackers to take control of a printer’s firmware over the Internet in less than a minute if the printer is not protected properly by a firewall. The researchers during a scan were able to find more than 40,000 devices that they said could be infected within minutes.

Local attacks are another possibility. The researchers were able to send print commands from Macintosh and Linux computer systems to trick the printer into reprogramming itself. It is not clear at the time of writing if Windows environments are safe or also affected by this.
Printers that the researchers analyzed do not verify the source of the firmware with the help of digital signatures. A HP spokesperson stated that all modern HP printers do require digitally signed firmware upgrades since 2009. Even worse for consumers and companies, there is no way of telling if a printer’s firmware has bee compromised short from physically disassembling the printer and analyzing its chipset output.
According to RedTape, HP is currently analyzing the claims made by the researchers. HP could release a firmware update of their own to resolve the vulnerability. Compromised printers however may have been programmed to block new firmware updates. That’s bad on the one hand as companies would have to throw away the printer in this case (or talk to HP to find a solution) and good in another as they have just identified a compromised printer in their network. The researchers have started analyzing printers manufactured by other companies recently but no results have been posted yet. They say it is likely that printers and other devices with Internet access are also vulnerable.


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: ,


Post a Comment

Related Posts Plugin for WordPress, Blogger...