HP strikes back against printer hack claims

Posted by Trent Nouveau

Hewlett Packard (HP) has issued an official statement in response to a controversial MSNBC report alleging a potential security vulnerability with certain LaserJet printers.

Columbia University professor Salvatore Stolfo told the site that HP printers could theoretically be used as fire starters - if hackers managed to disable various safety protocols by altering default firmware. 

But Hewlett Packard dismissed the claims as baseless.  


HP strikes back against printer hack claims"Speculation regarding potential for devices to catch fire due to a firmware change is false. No customer has reported unauthorized access," HP confirmed. 

"[Our] LaserJet printers have a hardware element called a 'thermal breaker' that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability."

Although HP did acknowledge the existence of a potential security vulnerability identified by Stolfo, the company emphasized that certain printers could only be compromised if placed on the Internet without a firewall.

"In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network... [And] in some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade," HP added.



The company also noted that it was coding a firmware upgrade to "mitigate" the issue and recommended users follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed devices.