HP Throws Cold Water on Printer-Hacking Fire Claims
Earlier this week, MSNBC ran an article suggesting that HP LaserJet printers were literally red-hot commodities. But the truth appears to be considerably less alarming.
Security Researchers Claim Fire Risk
First, the report: According to Columbia University researchers, at least some LaerJet models make it way too easy to perform unauthorized firmware "updates." Hackers could, in theory, take control of a printer by uploading malicious firmware to it. They could also -- again in theory -- get up to all kinds of mischief with the compromised printer.
The MSNBC article, which describes the flaw as "devastating," even suggested that a hacker could cause a printer to catch fire by forcing it to overheat.
It's an, umm, incendiary report, given the millions of LaserJet printers in use at businesses around the world. But is it accurate?
"[Our] LaserJet printers have a hardware element called a 'thermal breaker' that is designed to prevent the fuser from overheating or causing a fire," said the company in a statement. "It cannot be overcome by a firmware change or this proposed vulnerability."
No Reports of Attacks -- or Fires
HP also says it has not received any reports of unauthorized access linkes to a LaserJet firmware hack, much less reports of fires caused by malicious firmware updates.
There does appear to be a security vulnerability, and HP says it's working on a firmware upgrade to address the issue. But the best protection is to do what you should be doing anyway -- running your networked printers behind a firewall.
It's never a good idea to run any networked device on the open Internet, and that includes printers. Put a firewall between your hardware and the bad guys, and the odds of getting hacked go way down.
As for the MSNBC report, it illustrates something that I see a lot when it comes to tech security issues: There's often cause for concern, but almost never reason to panic. That's definitely the case here.
