As if computer owners didn’t have enough to worry over with new viruses being created every year, a new threat was recently revealed to make us all pause for thought before printing a job. Following rigorous tests, researchers at Columbia University announced that ‘tens of millions’ of HP LaserJet printers are vulnerable to being hacked. Needless to say, the moment the news hit the internet an intense debate was ignited.
What exactly did the Columbia University researchers discover? Basically, a weakness in HP LaserJet printers that allows remote hackers to utilise their firmware update capabilities to install their own malignant firmware. While the researchers only used HP printers in their study, there is every reason to believe the same weakness could be exploited in other printers.
The researchers highlighted the shocking fact that when a print job is sent to an HP LaserJet the printer automatically scans the job to check for included firmware updates. The problem stems from the fact that the printer doesn’t verify the source or perform a security check before automatically installing it. This means that hackers can install their own software on HP printers by reverse engineering HP firmware updates.
Incredibly, the Columbia University researchers succeeded in hacking a printer’s fuser, manipulating the heating element that bonds the toner to the paper to overheat and set the paper alight! This rather extreme example was very worrying, but just as troubling was another example in which firmware created by the researchers succeeded in detecting when tax returns were being printed and forwarding Social Security numbers to a Twitter feed.
Hackers are famed for their technical ingenuity, which seems to evolve alongside or a few steps ahead of computer security experts. Whenever a weak spot is discovered in computer technology there is an initial panic period during which security teams within corporations scramble to address the problem.
Unfortunately, it’s normally a successful criminal act that exposes an issue. While the printer hacking problem has been identified by researchers, there is no way to tell whether printers currently in homes and businesses have already been hacked. Far from scaremongering, the researchers have simply released their findings feeling they have a moral obligation to highlight a potential problem.
What has been the response from HP? Regarding the printer fuser hack, HP put out a statement declaring that HP printers have a built in thermal breaker specially designed to prevent printers from dangerously overheating. The thermal breaker cannot be altered by any firmware updates, official or malignant.
However, it remains worrying that HP printers can be so easily hacked. HP was unable to deny that their printers were susceptible to the type of hacking attacks carried out by the Columbia University researchers. In fact, their announcement that they were busy developing a firmware upgrade to address the issue served to show how seriously they were taking the troubling research findings.
So what is the potential that some home and work printers have already been hacked? It has to be said that to date there have been no reports of hacked printers. The best defence against such issues are the antivirus programs and firewalls in place on home and work computers, which should be updated regularly. These prevent IP addresses from been shared with potential hackers.
It can only be hoped that all printer companies follow the lead of HP and take notice of the findings revealed by the Columbia university researchers, taking the necessary action of implementing some form of firmware update that addresses the problem head on. It has only been a couple of weeks since this potential problem was highlighted, so concerned computer users at home and in the workplace should keeps their eyes on the web for important future updates.
Article written by PrintExpress.co.uk - London based print house, specializing in booklet, postcard, magazine, leaflet and business card printing.