Millions of Printers Open to Exploits That Could Light Them on Fire

In a world where more and more things are getting connected to the Internet, it’s getting more and more important to focus on security for things that aren’t traditional computers. I’m not just talking smartphones and tablets, but things like cars, prison security systems, and printers. According to researchers at Columbia University, tens of millions of printers have firmware vulnerabilities that make them super hackable. But what’s the worst a hacker could do to a printer? How about set it on fire.

Recommended Videos

Columbia professor Salvatore Stolfo has been investigating the subject and and says “The research on this is crystal clear.  The impact of this is very large. These devices are completely open and available to be exploited.” It turns out that as printer companies have been trying to cram more functionality into the devices, they’ve been giving them capabilities that are more and more like a traditional computer. The problem is that printer security hasn’t been growing along with printer functionality, which leaves us where we are right now.

Stolfo has identified an issue with HP LaserJet printers, one of the best selling models for business use, that allows hackers to push unofficial firmware updates to the machine, causing it to do all sorts of things. Before printing a job, HP LaserJets will go out onto the Internet to see if they need to pick up a firmware update before printing. The issue is that the printers don’t discriminate based on source, so anyone with the technical know-how can trick the printers into accepting the bogus update, and the printer can’t or won’t do anything to stop it.

What kind of effects could this have? Well, the most spectacular example Stolfo has shown off is the ability to make the printer melt down, smoke, and potentially catch fire. Using the bogus firmware trick, he can get the printer to overheat its fuser — the component used to dry ink — until it melts. Granted, most printers have a thermal switch installed to keep the thing from actually bursting into literal flames, but it’s still pretty intense.

There are more subtle applications as well. In another demonstration, an infiltrated printer was used to copy printed documents and send them off to hackers. In this case, tax returns being printed on an infected device were copied and sent off to hackers where they could be scanned for information like social security numbers. And of course, any hackers who wanted to just disable printers in an entirely mundane fashion could do that as well, easily.

HP, as you might expect, is being cagey about the exploits, for the moment. They report that they’re still investigating the exploits and won’t comment on the existence, or implications, of the vulnerabilities until they are 100% sure they actually exist. When they inevitably do find out they exist, they’ll surely roll out a fix, but there’s one more little thing to consider: Any printers that are already compromised are compromised for good. Once you’ve updated firmware on a device, it’s trival to block any further updates, official or not. So while HP may be able to put a stop to any further infection, they can’t fix any that have already happened. Of course, there are no reported cases of hacked printers, but a hacked printer is notoriously hard to detect. Better hope your printer isn’t sitting over there, plotting to ruin you. At the moment, there’s not all that much you can do to stop it.

(via Red Tape)

Relevant to your interests


The Mary Sue is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more
related content
Read Article ‘Mamma Mia!’ Star Sara Poyzer Says a BBC Production Replaced Her With AI
Sara Poyzer performs at the Magic at the Musicals event in 2019
Read Article In Moment of Unbelievable Irony, Midjourney Accuses Stability AI of Image Theft
Spider-Man pointing at another Spider-Man, who is pointing back.
Read Article Elon Musk May Be the Lesser of Two Evils in This Legal Battle With OpenAI
Elon Musk at the 2022 Met Gala
Read Article A.I. Scammers Are Impersonating Real Authors to Sell Fake Books
A robotic hand holds a pencil.
Read Article Sexist Trolls Drive Away Twitch’s Top Female Streamer After 10 Years
Imane "Pokimane" Anys at the 2023 Green Carpet Fashion Awards
Related Content
Read Article ‘Mamma Mia!’ Star Sara Poyzer Says a BBC Production Replaced Her With AI
Sara Poyzer performs at the Magic at the Musicals event in 2019
Read Article In Moment of Unbelievable Irony, Midjourney Accuses Stability AI of Image Theft
Spider-Man pointing at another Spider-Man, who is pointing back.
Read Article Elon Musk May Be the Lesser of Two Evils in This Legal Battle With OpenAI
Elon Musk at the 2022 Met Gala
Read Article A.I. Scammers Are Impersonating Real Authors to Sell Fake Books
A robotic hand holds a pencil.
Read Article Sexist Trolls Drive Away Twitch’s Top Female Streamer After 10 Years
Imane "Pokimane" Anys at the 2023 Green Carpet Fashion Awards
Author