Thanks to a security flaw, tens of millions of Hewlett-Packard LaserJet printers may be vulnerable to remote hijacking. A team of researchers from Columbia University claims that hackers may be able to control these printers from afar and — rather horrifyingly — even set them on fire. Here's what you should know:
How could hackers control my printer?
Security experts have long theorized that printers could be exploited just like any other device connected to the internet. "Each time the printer accepts a print job from a computer," it also looks for software updates, says Kim Zetter at Wired. And these HP printers don't "require a digital signature to verify that an upgrade is authentic." That means "attackers can send specially crafted files to the printer that contain malicious code." In a live demonstration, Columbia researchers quickly searched the web and found 40,000 devices that could be prone to infection.
What could hackers do once they're in?
In one demonstration, the researchers sent "instructions that would continuously heat up the printer's fuser — which is designed to dry ink once it's applied to paper — eventually causing the paper to turn brown and smoke," says Bob Sullivan at MSNBC. In that demonstration, the printer's thermal switch shut down the machine before a real fire could start, but researchers believe other printers are more vulnerable.
Are there other concerns?
Yes, including the risk of identity theft. For instance, if you left your tax forms in your device's scanner, a hacker could potentially copy them. But the real vulnerability, researchers say, is that "printers on a computer network are nearly always trusted by other computers." A hacked printer "could act as a beachhead to attack a company's network that was otherwise protected by a firewall."
What does HP say?
In a press release, the company blasted these revelations as "sensational and inaccurate," and said that "no customer has reported unauthorized access." HP also said that all its printers have thermal switches that would prevent fires. Still, HP did confirm the existence of a potential vulnerability. "In other words," says Jason Mick at Daily Tech, "HP admits that its printers could, in theory, be taken over by hackers, but it doesn't believe that to have happened yet."
THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER
- America created the Islamic State of Iraq and Syria? Meet the ISIS 'truthers'
- How American businessmen are ruining American business — and the U.S. economy
- The Obama era is over. The presidency continues.
- Russia's giant spy ship was a high-tech disaster waiting to happen
- What would a U.S.-Russia war look like?
- On ISIS, neocons and liberal hawks have a 'boy who cried wolf' problem
- How Harry Houdini escaped death
- Fall movie guide: All the films you should see in September
- The 10 best networking tips for people who hate networking
- 10 things you need to know today: September 2, 2014
Subscribe to the Week