Researchers claim that HP laser printers can be hijacked to steal data and catch fire

hp-laserprinter-security-holes

The news was abuzz yesterday with coverage of a study released by Columbia University researchers warning consumers that HP laser printers are wide open to remote tampering and hacking. The researchers claim that the vast majority of printers from HP’s LaserJet line accept firmware updates without checking for any sort of digital authentication, allowing malicious users to abuse the machines remotely. The researchers go so far as to claim that modified firmware can be used to overheat the printer’s fuser, causing fires, to send sensitive documents to criminals, and even force the printers to become part of a botnet.

Officials at HP were quick to counter the claims, stating that all models built in 2009 and beyond require firmware to be digitally signed. Additionally, they say that all of the brand’s laser printers are armed with a thermal cutoff switch which would mitigate the fuser attack vector before any real fire risk would present itself. Despite HP’s statements, the researchers stand by their claims, asserting that vulnerable printers are still available for purchase at major office supply stores.

While most external attacks can easily be prevented with the use of a firewall, the fact that these printers accept unsigned firmware is undoubtedly an interesting one. We are curious to see if these revelations inspire anyone to create their own homebrew LaserJet firmware with advanced capabilities (and low toner warning overrides), or if this all simply fizzles out after a few weeks.

Standalone printer display hack

print_joke

[Sprite_tm] sent us his latest project. He has found a way to display custom messages on a laserjet printer without a computer.   He’s using an ATTiny2313 to send signals through a parallel port. This project is so cheap and quick to install it could be disposable. Just program your message before hand, pop it on and walk away.

HP Color LaserJet 2600n teardown


In the ongoing quest to find parts for new projects by scavenging old devices, the curiously sane and benevolent team at Evil Mad Scientist Laboratories took apart an HP Color LaserJet 2600n. They wanted to see what makes it tick and what parts can be culled from it for later use.

[Read more...]

Follow

Get every new post delivered to your Inbox.

Join 96,382 other followers