Thanks to a security flaw, tens of millions of Hewlett-Packard LaserJet printers may be vulnerable to remote hijacking. A team of researchers from Columbia University claims that hackers may be able to control these printers from afar and — rather horrifyingly — even set them on fire. Here's what you should know:
How could hackers control my printer?
Security experts have long theorized that printers could be exploited just like any other device connected to the internet. "Each time the printer accepts a print job from a computer," it also looks for software updates, says Kim Zetter at Wired. And these HP printers don't "require a digital signature to verify that an upgrade is authentic." That means "attackers can send specially crafted files to the printer that contain malicious code." In a live demonstration, Columbia researchers quickly searched the web and found 40,000 devices that could be prone to infection.
What could hackers do once they're in?
In one demonstration, the researchers sent "instructions that would continuously heat up the printer's fuser — which is designed to dry ink once it's applied to paper — eventually causing the paper to turn brown and smoke," says Bob Sullivan at MSNBC. In that demonstration, the printer's thermal switch shut down the machine before a real fire could start, but researchers believe other printers are more vulnerable.
Are there other concerns?
Yes, including the risk of identity theft. For instance, if you left your tax forms in your device's scanner, a hacker could potentially copy them. But the real vulnerability, researchers say, is that "printers on a computer network are nearly always trusted by other computers." A hacked printer "could act as a beachhead to attack a company's network that was otherwise protected by a firewall."
What does HP say?
In a press release, the company blasted these revelations as "sensational and inaccurate," and said that "no customer has reported unauthorized access." HP also said that all its printers have thermal switches that would prevent fires. Still, HP did confirm the existence of a potential vulnerability. "In other words," says Jason Mick at Daily Tech, "HP admits that its printers could, in theory, be taken over by hackers, but it doesn't believe that to have happened yet."