HP Printers Can Steal Data and Set Fire Remotely, Columbia Research Warns
A research team from Columbia University performed a series of tests where they managed to hack a HP printer, install malicious programming and force it to overheat, making it a fire hazard.
Most HP laser printers sold before 2009 come with this danger, and customers need to be aware that leaving their system unprotected can open the door to such attacks, Slashgear reported.
The team showed in a demonstration that the printers could be forced to overheat, the paper would turn brown, begin smoking, but then a thermal switch would automatically flip on and prevent the fire. There is no guarantee, however, that the switch will always work.
What is even more alarming is that the network may be hacked and the printers may send print jobs to other places. This could allow third parties to steal important information from computers, such as bank account numbers.
Hacked firmware can enter a system by printing a document with the tweak embedded. Particularly dangerous is sending a file attached to an email, while some printers can be operated remotely through a direct Internet connection.
Another big problem is that printers that are tampered do not leave clues as to their status, which means that users can be entirely unaware of the malware. Antivirus programs cannot scan a printer’s hardware and that leaves the machines exposed to attacks.
The company was aware of the findings before the report was published, but disagreed that the problem was so severe and could really lead to such consequences.
HP said that its digital firmware signing system limits the update that can be triggered and thus it reduces the chances that the printer will be compromised. However, the Columbia findings confirmed the possibility of these threats, and users will have to know how to protect themselves.
