
Report: Laser printers can be remotely hacked to steal data

Consumer Reports News: November 29, 2011 10:23 AM


Your laser printer might burn through plenty of paper. But a new study claims that innocuous-looking printer could be a gateway for remote hackers out to steal your identity—and maybe even physically burn you.

According to MSNBC, researchers at Columbia University claim they have discovered a new class of online vulnerability: bogus firmware updates to networked laser printers. The researchers told the news website that clever hackers can reverse-engineer the software commands used internally by laser printers and then create bogus updates, which are loaded when unsuspecting victims send a duplicitous document to the printer.

The bogus updates, say the researchers, can be designed to steal printed data—say a person's online banking statement—or even physically damage the printer. In one test demonstrated to MSNBC, for example, the researchers caused a printer's thermal infuser—used to heat and dry the printer's ink toner—to overheat and cause the printer to smolder.

Researchers at the Computer Science Department of Columbia University’s School of Engineering and Applied Science said they conducted the vulnerability research using printers made by HP. Columbia professor Salvatore Stolfo, who directed the research, told MSNBC:

The research on this is crystal clear. The impact of this is very large. These devices are completely open and available to be exploited.

According to MSNBC, the researchers have briefed federal authorities as well as HP on the vulnerabilities they discovered. Keith Moore, chief technologist for HP's printer division, told MSNBC that the company is still assessing the discovery and takes the possible security threat "very seriously." Moore believes that the risk to ordinary consumers is low, though, since the vulnerabilities may apply only to newer, networked laser printers.

UPDATE: HP has issued a statement refuting some of the "inaccurate claims" made by the researchers.

HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability.

The statement also said that while there is "a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access." The company is working to address the issue and will notify customers when a fix is available. In the meantime, HP stresses that concerned consumers can find more information about protected printing at its website: www.hp.com/go/secureprinting.

For tips on how to protect your computers and personal data, check out Consumer Reports Guide to online security.

Exclusive: Millions of printers open to devastating hack attack, researchers say [MSNBC]

Paul Eng

   
