A few weeks ago, a group of researchers announced that they were able to exploit a security hole in some older Hewlett-Packard printers that allowed them to take the printers over. In one demonstration, they were able to heat up paper to the point where it started smoking, and in another were able to send social security numbers from documents to other systems.
The problem was that the printers did not check to verify to source of any firmware updates – the software that controls the actual physical hardware in the computer. So the researchers were able to update the printers with fake firmware that contained software that let them control the printers and take advantage of their network access and other systems.
After this report was announced, HP released a statement stating that no systems had been reported compromised by this potential attack. Moreover, the company claimed that this would not impact any printers produced after 2009. Printers produced after that point did check for a digital signature.
Well, now people with older printers can rest easy, as well. HP has released a firmware update that should fix the security exploit, and is actively working with its customers to make sure that the updates get installed.
What’s not clear is whether the firmware update could fix a printer whose security has already been compromised, but to date I haven’t seen any reports that this exploit has been employed against anybody, so that’s probably a non-issue.
Despite the quick fix, one thing that this does highlight is the increasing vulnerability of embedded systems. Especially as more and more of the things we use every day use networks, even things we wouldn’t think of in a computing sense.
Follow me on Twitter or Facebook. Read my Forbes blog here.
Article source: http://www.forbes.com/sites/alexknapp/2011/12/26/hp-releases-firmware-update-to-prevent-printer-hacking/?feed=rss_home
View full post on National Cyber Security