Thanks to a security flaw, tens of millions of Hewlett-Packard LaserJet printers may be vulnerable to remote hijacking. A team of researchers from Columbia University claims that hackers may be able to control these printers from afar and — rather horrifyingly — even set them on fire. Here's what you should know:
How could hackers control my printer?
Security experts have long theorized that printers could be exploited just like any other device connected to the internet. "Each time the printer accepts a print job from a computer," it also looks for software updates, says Kim Zetter at Wired. And these HP printers don't "require a digital signature to verify that an upgrade is authentic." That means "attackers can send specially crafted files to the printer that contain malicious code." In a live demonstration, Columbia researchers quickly searched the web and found 40,000 devices that could be prone to infection.
What could hackers do once they're in?
In one demonstration, the researchers sent "instructions that would continuously heat up the printer's fuser — which is designed to dry ink once it's applied to paper — eventually causing the paper to turn brown and smoke," says Bob Sullivan at MSNBC. In that demonstration, the printer's thermal switch shut down the machine before a real fire could start, but researchers believe other printers are more vulnerable.
Are there other concerns?
Yes, including the risk of identity theft. For instance, if you left your tax forms in your device's scanner, a hacker could potentially copy them. But the real vulnerability, researchers say, is that "printers on a computer network are nearly always trusted by other computers." A hacked printer "could act as a beachhead to attack a company's network that was otherwise protected by a firewall."
What does HP say?
In a press release, the company blasted these revelations as "sensational and inaccurate," and said that "no customer has reported unauthorized access." HP also said that all its printers have thermal switches that would prevent fires. Still, HP did confirm the existence of a potential vulnerability. "In other words," says Jason Mick at Daily Tech, "HP admits that its printers could, in theory, be taken over by hackers, but it doesn't believe that to have happened yet."
THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER
- Here's the schedule very successful people follow every day
- What would a U.S.-Russia war look like?
- A gay Mormon's complicated journey
- Why you should really take a nap this afternoon, according to science
- The biggest lesson Obama failed to learn from Bush
- Why you shouldn't eat dog. Not even once.
- 7 things the world's happiest people do every day
- How social conservatives became a minority in need of protection
- This Indian meal service is so efficient it's the envy of FedEx
- How to flirt, according to science
Subscribe to the Week