HP LaserJet printer vulnerability: what you need to know
Researchers at Columbia University say millions of HP LaserJet printers are vulnerable to infected print jobs. Ang Cui and Salvatore Stolfo demonstrated an exploit whereby the duo could send virus-laden print jobs to a recently purchased LaserJet to overwrite the firmware and take control of the printer. HP has confirmed the exploit but claims the risk is not as great as the original MSNBC story characterized it, and has promised a firmware fix.
HP releases firmware fix for laserjet printer exploit
Give HP kudos for timeliness: less than a month after Columbia University researchers shared a worrisome lack of security surrounding firmware updates on the company's line of laserjet printers, a fix is now available for affected models. If you'll recall, Ang Cui and Salvatore Stolfo made headlines by revealing that attaching a virus to a print job on a vulnerable device could provide full access to an intruder, allowing sensitive content to be intercepted and even giving those with the most...
HP confirms LaserJet vulnerability, promises firmware fix
HP just issued a statement saying it "refutes inaccurate claims" made in today's MSNBC report detailing a vulnerability in LaserJet printers that was exploited by Columbia University researchers Ang Cui and Salvatore Stolfo. HP confirms that there's a potential vulnerability in LaserJet printers and promises a firmware update to "mitigate" the issues, but the company also says that "no customer has reported unauthorized access" and that it's not possible to set a fire by exploiting the...
HP LaserJet printers pose massive security risk, say Columbia University researchers
MSNBC is reporting a security flaw that could affect millions of HP LaserJet printers. According to Ang Cui and Salvatore Stolfo of Columbia University, the issue stems from the fact that the HP LaserJet printers tested do not require a signature or certificate to identify the source of remote software updates. Knowing this, Cui and Stolfo are able to exploit the fact that every time a LaserJet accepts a new job it checks for an included software update.
One demonstration by the duo...
