There is a new report out saying that Hewlett Packard LaserJet printers have a security hole where remote attackers can take control of them and do things such as steal information and run commands that can cause the printer to catch on fire. This security hole was discovered by security researchers Salvatore Stolfo and Ang Cuifrom from Columbia University's School of Engineering.
They say the vulnerability exists in the LaserJet printer's Remote Firmware Update process and that the printers can be tricked into accepting modified firmware from someone with access to the device locally or remotely over the Internet. All this person would need to do is send a malicious print job to compromise the printer.
This flaw can allow attackers to steal documents and use the printer to attack computers that are attached to it over the network as well as send a command causing the fuser to heat up and potentially cause the paper to catch fire.
HP today downplayed the researchers' claims, calling them "sensational and inaccurate." HP also said "While HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access". Even though HP downplayed the threat, they are working on a firmware update for the problem.
No comments:
Post a Comment