-=PCTechTalk=- As if we didn't already have about which to worry

• From: "Larry Southerland" <larrysoutherland@xxxxxxxxxxxxx>
• To: <Puters_N_Such@xxxxxxxxxxxxxxx>, <pctechtalk@xxxxxxxxxxxxx>, <the_bullhorn2@xxxxxxxxxxxxxxx>, <thebullhornsbest@xxxxxxxxxxxxxxx>
• Date: Wed, 30 Nov 2011 15:12:45 -0500

Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit

HP LaserJet Printers Vulnerable to Attacks, Researchers Warn


By Jaikumar Vijayan <http://www.pcworld.com/author/Jaikumar-Vijayan> ,
Computerworld <http://www.computerworld.com/>     Nov 29, 2011 5:50 pm 

http://zapp5.staticworld.net/images/article/2011/08/hp_laserjet_m175nw_180-5
211587.jpgMillions of Hewlett Packard Co.'s LaserJet printers
<http://www.pcworld.com/article/243362/hp_printer_turns_3d_scans_of_small_ob
jects_into_pictures.html>  contain a security weakness
<http://www.pcworld.com/businesscenter/article/239456/a_hidden_security_thre
at_beware_the_office_multifunction_printer.html>  that could allow attackers
to take control of the systems, steal data from them and issue commands that
could cause the devices to overheat and catch fire, according to two
researchers from Columbia University.

Printers from other vendors likely have the same issue, leaving users of
those devices exposed to similar threats, the researchers said.

The security researchers findings was first published by MSNBC.com
<http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of
-printers-open-to-devastating-hack-attack-researchers-say>  earlier today.

In response, HP today downplayed the researchers' claims, labeling them
"sensational and inaccurate."

"While HP has identified a potential security vulnerability with some HP
LaserJet printers, no customer has reported unauthorized access," the
company said.

It disputed media reports that the flaw would let hackers set LaserJet
printers on fire and said that safety mechanisms built into the printers
precluded that from happening.

The flaw in HP's LaserJet printers was discovered by Professor Salvatore
Stolfo of the Computer Science Department at Columbia University's School of
Engineering and Applied Science and fellow security researcher Ang Cui.

The vulnerability exists in the LaserJet printer's Remote Firmware Update
process. Because of weak authentication measures, the printers can be fooled
into accepting arbitrarily modified firmware by anyone with logical access
to the device, Stolfo said in an interview.

The LaserJet printers that were tested do not require firmware updates to be
digitally signed, allowing anyone to essentially instruct the printer to
erase its existing operating software and overwrite it with a malicious one.

Attackers could gain total control of the printer and rewrite its software
so that it would be impossible to reset it, he said. "It is a pretty bad
security flaw," Stolfo said.

Stolfo said that he and Cui investigated three popular LaserJet models and
discovered the same weakness in all three. The researchers have not
disclosed the specific model numbers.

All that was required to compromise the printers was a maliciously crafted
print job, either sent by someone with access to the printer or by someone
remotely if the printer is connected directly to the Internet, according to
Stolfo.

http://zapp5.staticworld.net/images/article/2011/08/hp_laserjet_pro_cp1025nw
_713992_g2-5208443.jpgThe flaw allows attackers to steal documents from a
compromised printer, or to use the device as a launch pad for attacking
computers attached to it. The vulnerability also allows attackers to issue a
command that could cause the printer's fuser, which is used to dry ink, to
start heating up. Theoretically at least, that could cause the printing
paper to catch fire.

According to Stolfo, during a demonstration, he was able to get the fuser on
a LaserJet printer hot enough to cause the printer paper to brown and start
smoking. But a safety mechanism built into the printer caused it to fail in
a safe manner before it could catch on fire.

It is unclear whether the same sort of safety mechanism exists on printers
from other vendors, he added.

Stolfo said that Cui and he discovered the LaserJet vulnerability when doing
research on vulnerabilities in single-purpose embedded devices such as
printers, routers, VoIP phones and digital thermostats. The two researchers
plan to release a formal paper describing their findings after HP has had a
chance to mitigate the issue, he said.

HP did not immediately respond to a request for comment. In its statement,
HP said it is working on a firmware update for the issue. However, it
downplayed the threat.

"The specific vulnerability exists for some HP LaserJet devices if placed on
a public internet without a firewall," the company said. "In a private
network, some printers may be vulnerable if a malicious effort is made to
modify the firmware of the device by a trusted party on the network."

LaserJet printers in some Linux or Mac environments could be compromised by
someone sending the device a corrupt print job, the company said.

"Speculation regarding potential for devices to catch fire due to a firmware
change is false," HP noted. A hardware element known as a thermal breaker
prevents LaserJet printers from overheating or causing a fire. "It cannot be
overcome by a firmware change or this proposed vulnerability," HP said.

Jaikumar Vijayan covers data security and privacy issues, financial services
security and e-voting for Computerworld. Follow Jaikumar on Twitter at
@jaivijayan <http://twitter.com/jaivijayan>  or subscribe to
<http://twitter.com/jaivijayan> Jaikumar's RSS feed
<http://rss.computerworld.com/computerworld/s/feed/keyword/JaikumarVijayan>
. His e-mail address is
<http://rss.computerworld.com/computerworld/s/feed/keyword/JaikumarVijayan>
jvijayan@xxxxxxxxxxxxxxxxx .
<http://rss.computerworld.com/computerworld/s/feed/keyword/JaikumarVijayan> 

Read more about security <http://www.computerworld.com/s/topic/17/Security>
in Computerworld's Security Topic Center.

http://www.pcworld.com/article/245175/hp_laserjet_printers_vulnerable_to_att
acks_researchers_warn.html#tk.nl_dnx_t_crawl

 

 




---------------------------------------------------------------
Please remember to trim your replies (including this sentence and everything 
below it) and adjust the subject line as necessary.

To subscribe, unsubscribe or modify your email settings:
//www.freelists.org/webpage/pctechtalk
OR
To subscribe to the mailing list, send an email to 
pctechtalk-request@xxxxxxxxxxxxx with "subscribe" in the Subject. To 
unsubscribe send email to pctechtalk-request@xxxxxxxxxxxxx with "unsubscribe" 
in the Subject.

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

To contact only the PCTT Mod Squad, write to:
pctechtalk-moderators@xxxxxxxxxxxxx

To join our separate PCTableTalk off-topic group, send a blank email to:
pctabletalk+subscribe@xxxxxxxxxxxxxxxx
---------------------------------------------------------------

Other related posts:

• » -=PCTechTalk=- As if we didn't already have about which to worry - Larry Southerland

1. Home
2. pctechtalk
3. Archive
4. 11-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---