Not so fast says Hewlett Packard. That was the computer industry giant’s reaction after researchers showed a series of attack methods that rely on vulnerabilities found in HP LaserJet printers that could potentially lead to the printer catching fire.
So far, the company said no customers reported anything that would indicate a device catching on fire as a result of a malevolent software update.
HP was reacting to a report from two Columbia University researchers that said there is a vulnerability in HP LaserJet printers that could allow a hacker to remotely control it to launch cyber attacks, steal information that’s being printed and even instruct its mechanical components to overload until the device catches on fire.
The flaw not only affects HP printers, but also other devices utilized by millions of individuals and companies that considered them safe, said Columbia researchers Ang Cui and Salvatore Stolfo.
“HP LaserJet printers have a hardware element called a ‘thermal breaker’ that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability,” HP said in a statement.
On the other hand, the company said some of the vulnerabilities that could allow unauthorized access may be plausible, but the attack only works on machines placed in a public network that doesn’t benefit from a firewall.
“In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade,” the statement adds.
While HP keeps stating the attacks would only work on Mac and Linux systems, printers connected to Windows devices not being susceptible to an attack, in reality, a Windows-running machine could always be fitted with a Linux partition from where the attack could take place.