Thanks to a security flaw, tens of millions of Hewlett-Packard LaserJet printers may be vulnerable to remote hijacking. A team of researchers from Columbia University claims that hackers may be able to control these printers from afar and — rather horrifyingly — even set them on fire. Here's what you should know:
How could hackers control my printer?
Security experts have long theorized that printers could be exploited just like any other device connected to the internet. "Each time the printer accepts a print job from a computer," it also looks for software updates, says Kim Zetter at Wired. And these HP printers don't "require a digital signature to verify that an upgrade is authentic." That means "attackers can send specially crafted files to the printer that contain malicious code." In a live demonstration, Columbia researchers quickly searched the web and found 40,000 devices that could be prone to infection.
What could hackers do once they're in?
In one demonstration, the researchers sent "instructions that would continuously heat up the printer's fuser — which is designed to dry ink once it's applied to paper — eventually causing the paper to turn brown and smoke," says Bob Sullivan at MSNBC. In that demonstration, the printer's thermal switch shut down the machine before a real fire could start, but researchers believe other printers are more vulnerable.
Are there other concerns?
Yes, including the risk of identity theft. For instance, if you left your tax forms in your device's scanner, a hacker could potentially copy them. But the real vulnerability, researchers say, is that "printers on a computer network are nearly always trusted by other computers." A hacked printer "could act as a beachhead to attack a company's network that was otherwise protected by a firewall."
What does HP say?
In a press release, the company blasted these revelations as "sensational and inaccurate," and said that "no customer has reported unauthorized access." HP also said that all its printers have thermal switches that would prevent fires. Still, HP did confirm the existence of a potential vulnerability. "In other words," says Jason Mick at Daily Tech, "HP admits that its printers could, in theory, be taken over by hackers, but it doesn't believe that to have happened yet."
THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER
- How academia's liberal bias is killing social science
- 43 TV shows to watch in 2014
- Why Pakistan won't hunt down the terrorists within its borders
- How to be the most productive person in your office — and still get home by 5:30 p.m.
- Diagnosing the Home Alone burglars' injuries: A professional weighs in
- A brief history of the Christmas present
- Pope Francis' American problem
- The real story behind Deliver Us From Evil
- Hey, bosses: Stop giving bonuses to your employees
- Alien conspiracy theorists think the government is on the verge of spilling big secrets
Subscribe to the Week