The Verge - HP LaserJet printer vulnerability: what you need to knowhttps://cdn.vox-cdn.com/community_logos/52801/VER_Logomark_32x32..png2011-12-24T15:18:01-05:00http://www.theverge.com/rss/stream/23610112011-12-24T15:18:01-05:002011-12-24T15:18:01-05:00HP releases firmware fix for laserjet printer exploit
<figure>
<img alt="HP LaserJet " src="https://cdn.vox-cdn.com/thumbor/gtObU0pB1aV4PDnDkWsmanC5tBY=/0x103:994x766/1310x873/cdn.vox-cdn.com/assets/807327/HP_LaserJet_ProP1606dn_copy.jpeg" />
<figcaption>HP LaserJet </figcaption>
</figure>
<p>Give <a class="sbn-auto-link" href="http://www.theverge.com/products/brands/hp/36">HP</a> kudos for timeliness: less than a month after Columbia University researchers <a href="http://www.theverge.com/2011/11/29/2596970/hp-laserjet-printer-vulnerability">shared a worrisome lack of security</a> surrounding firmware updates on the company's line of laserjet printers, a fix is now available for affected models. If you'll recall, Ang Cui and Salvatore Stolfo made headlines by revealing that attaching a virus to a print job on a vulnerable device could provide full access to an intruder, allowing sensitive content to be intercepted and even giving those with the most malicious of intent a way to overheat the fuser within. For its part, HP steadfastly denied the possibility of fire or an explosion, assuring consumers that the built-in thermal breaker is there for the specific purpose of preventing such hazards....</p>
<p>
<a href="https://www.theverge.com/2011/12/24/2659385/hp-firmware-fix-laserjet-vulnerability">Continue reading…</a>
</p>
https://www.theverge.com/2011/12/24/2659385/hp-firmware-fix-laserjet-vulnerabilityChris Welch2011-11-29T15:36:34-05:002011-11-29T15:36:34-05:00 HP confirms LaserJet vulnerability, promises firmware fix
<figure>
<img alt="HP LaserJet " src="https://cdn.vox-cdn.com/thumbor/gtObU0pB1aV4PDnDkWsmanC5tBY=/0x103:994x766/1310x873/cdn.vox-cdn.com/assets/807327/HP_LaserJet_ProP1606dn_copy.jpeg" />
<figcaption>HP LaserJet </figcaption>
</figure>
<p>HP just issued a statement saying it "refutes inaccurate claims" made in today's <a href="http://www.theverge.com/2011/11/29/2595691/hp-laserjet-printers-pose-massive-security-risk-say-columbia"><i>MSNBC</i> report detailing a vulnerability in LaserJet printers</a> that was exploited by Columbia University researchers Ang Cui and Salvatore Stolfo. HP confirms that there's a potential vulnerability in LaserJet printers and promises a firmware update to "mitigate" the issues, but the company also says that "no customer has reported unauthorized access" and that it's not possible to set a fire by exploiting the vulnerability because of the printer's thermal control hardware.</p>
<p>What's more, while HP says it's possible for a specially formatted print job from Linux of Mac machines to trigger a malicious firmware update, the company doesn’t say anything about Windows...</p>
<p>
<a href="https://www.theverge.com/2011/11/29/2596863/hp-confirms-laserjet-vulnerability-firmware-fix-in-development">Continue reading…</a>
</p>
https://www.theverge.com/2011/11/29/2596863/hp-confirms-laserjet-vulnerability-firmware-fix-in-developmentThomas Ricker2011-11-29T07:31:12-05:002011-11-29T07:31:12-05:00HP LaserJet printers pose massive security risk, say Columbia University researchers
<figure>
<img alt="HP laserjet" src="https://cdn.vox-cdn.com/thumbor/jD0goD_ho6EPS3p3CGIQXbt4W0Y=/0x42:661x483/1310x873/cdn.vox-cdn.com/assets/807331/201502.jpeg" />
<figcaption>HP laserjet</figcaption>
</figure>
<p><i>MSNBC</i> is <a target="_blank" href="http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say">reporting a security flaw</a> that could affect millions of HP LaserJet printers. According to Ang Cui and Salvatore Stolfo of Columbia University, the issue stems from the fact that the <a class="sbn-auto-link" href="http://www.theverge.com/products/brands/hp/36">HP</a> LaserJet printers tested do not require a signature or certificate to identify the source of remote software updates. Knowing this, Cui and Stolfo are able to exploit the fact that every time a LaserJet accepts a new job it checks for an included software update.</p>
<p>One demonstration by the duo involved infecting a printer through a virus-laden print job. A tax return sent to the infected printer was then surreptitiously forwarded to a remote computer posing as a hacker's workstation. A second, more alarming demonstration showed a hijacked computer...</p>
<p>
<a href="https://www.theverge.com/2011/11/29/2595691/hp-laserjet-printers-pose-massive-security-risk-say-columbia">Continue reading…</a>
</p>
https://www.theverge.com/2011/11/29/2595691/hp-laserjet-printers-pose-massive-security-risk-say-columbiaThomas Ricker