Thanks to a security flaw, tens of millions of Hewlett-Packard LaserJet printers may be vulnerable to remote hijacking. A team of researchers from Columbia University claims that hackers may be able to control these printers from afar and — rather horrifyingly — even set them on fire. Here's what you should know:
How could hackers control my printer?
Security experts have long theorized that printers could be exploited just like any other device connected to the internet. "Each time the printer accepts a print job from a computer," it also looks for software updates, says Kim Zetter at Wired. And these HP printers don't "require a digital signature to verify that an upgrade is authentic." That means "attackers can send specially crafted files to the printer that contain malicious code." In a live demonstration, Columbia researchers quickly searched the web and found 40,000 devices that could be prone to infection.
What could hackers do once they're in?
In one demonstration, the researchers sent "instructions that would continuously heat up the printer's fuser — which is designed to dry ink once it's applied to paper — eventually causing the paper to turn brown and smoke," says Bob Sullivan at MSNBC. In that demonstration, the printer's thermal switch shut down the machine before a real fire could start, but researchers believe other printers are more vulnerable.
Are there other concerns?
Yes, including the risk of identity theft. For instance, if you left your tax forms in your device's scanner, a hacker could potentially copy them. But the real vulnerability, researchers say, is that "printers on a computer network are nearly always trusted by other computers." A hacked printer "could act as a beachhead to attack a company's network that was otherwise protected by a firewall."
What does HP say?
In a press release, the company blasted these revelations as "sensational and inaccurate," and said that "no customer has reported unauthorized access." HP also said that all its printers have thermal switches that would prevent fires. Still, HP did confirm the existence of a potential vulnerability. "In other words," says Jason Mick at Daily Tech, "HP admits that its printers could, in theory, be taken over by hackers, but it doesn't believe that to have happened yet."
THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER
- 3 horrific inaccuracies in Homeland's depiction of Islamabad
- 43 TV shows to watch in 2014
- How to be the most productive person in your office — and still get home by 5:30 p.m.
- Gamergate has backfired spectacularly on its nincompoop perpetrators
- Rise of the machines
- 6 things the happiest families all have in common
- Ban PowerPoint!
- The uncomfortable truth in The Giving Tree
- Uncle Sam wants you to stay away from these countries
- Why I quit my corporate job to become a work-from-home dad
Subscribe to the Week