HP strikes back against printer hack claims
Hewlett Packard (HP) has issued an official statement in response to a controversial MSNBC report alleging a potential security vulnerability with certain LaserJet printers.
Columbia University professor Salvatore Stolfo told the site that HP printers could theoretically be used as fire starters - if hackers managed to disable various safety protocols by altering default firmware. But Hewlett Packard dismissed the claims as baseless.
"Speculation regarding potential for devices to catch fire due to a firmware change is false. No customer has reported unauthorized access," HP confirmed.
"[Our] LaserJet printers have a hardware element called a 'thermal breaker' that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability."
Although HP did acknowledge the existence of a potential security vulnerability identified by Stolfo, the company emphasized that certain printers could only be compromised if placed on the Internet without a firewall.
"In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network... [And] in some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade," HP added.
The company also noted that it was coding a firmware upgrade to "mitigate" the issue and recommended users follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed devices.