Skip to main content
The VergeThe Verge logo.The Verge homepage
The VergeThe Verge logo.

Filed under:

    HP LaserJet printer vulnerability: what you need to know

    By Thomas Ricker, a deputy editor and Verge co-founder with a passion for human-centric cities, e-bikes, and life as a digital nomad. He’s been a tech journalist for almost 20 years.

    Share this story

    Researchers at Columbia University say millions of HP LaserJet printers are vulnerable to infected print jobs. Ang Cui and Salvatore Stolfo demonstrated an exploit whereby the duo could send virus-laden print jobs to a recently purchased LaserJet to overwrite the firmware and take control of the printer. HP has confirmed the exploit but claims the risk is not as great as the original MSNBC story characterized it, and has promised a firmware fix.

    • Thomas Ricker

      Nov 29, 2011

      Thomas Ricker

      HP confirms LaserJet vulnerability, promises firmware fix

      HP LaserJet
      HP LaserJet

      HP just issued a statement saying it "refutes inaccurate claims" made in today's MSNBC report detailing a vulnerability in LaserJet printers that was exploited by Columbia University researchers Ang Cui and Salvatore Stolfo. HP confirms that there's a potential vulnerability in LaserJet printers and promises a firmware update to "mitigate" the issues, but the company also says that "no customer has reported unauthorized access" and that it's not possible to set a fire by exploiting the vulnerability because of the printer's thermal control hardware.

      What's more, while HP says it's possible for a specially formatted print job from Linux of Mac machines to trigger a malicious firmware update, the company doesn’t say anything about Windows environments — which is obviously of great importance to the enterprise customers that most deploy LaserJets. We'll see what happens next; HP is obviously taking this story very seriously.

      Read Article >
    • Thomas Ricker

      Nov 29, 2011

      Thomas Ricker

      HP LaserJet printers pose massive security risk, say Columbia University researchers

      HP laserjet
      HP laserjet

      One demonstration by the duo involved infecting a printer through a virus-laden print job. A tax return sent to the infected printer was then surreptitiously forwarded to a remote computer posing as a hacker's workstation. A second, more alarming demonstration showed a hijacked computer sending instructions to continuously heat up the printer's fuser until smoke appeared and the printer's thermal switch shut it down.

      While the flaw does not affect HP's InkJet printers commonly used in homes, millions of LaserJets sold to businesses since 1984 could be vulnerable. To make matters worse, a printer, which is almost always categorized as a trusted device could be turned into a platform to launch attacks within corporate networks. A problem exacerbated by the advent of new HP printers that accept jobs from the Internet.

      Read Article >