Skip to Content

Exploding HP Printers Turn Out to Be Not So Explosive

Reports of the printers’ fiery deaths were greatly exaggerated.
December 28, 2011

It was an image so sensational it was destined to make headlines. “Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire?” asked MSNBC’s Bob Sullivan in November. That’s right: your seemingly harmless printer, sitting innocuously beside your desk, was a ticking time bomb.

The image was the result of a bit of white-hat hacking by researchers at Columbia University, who told Sullivan they’d discovered a “new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies.” The researchers, lead by Salvatore Stolfo, had uncovered the flaw, they said, in HP printers, and told HP about it a week before going public. Stolfo and another researcher named Ang Cui demonstrated how they could hijack a printer and cause it to heat up the device’s fuser–something that, if a thermal switch hadn’t kicked in, could theoretically have caused the thing to burst into flames. HP quickly fired back against what it called “inaccurate claims.” But the story, if not the printers, had already blown up.

Now the story comes full circle. Even if some of the reporting may have tended towards the sensational, HP did indeed have a security hole to plug. On Friday, they announced that they finally did so, building a firmware update. HP said it received “no customer reports of unauthorized access.” Even so, better safe than sorry. In a press release, HP also reiterated its suggestion to “follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”

So was it all much ado about nothing? Yes and no. It probably was unlikely that HP printers were ever going to burst into flames and burn down your house due to the malicious actions of a hacker across the world. But there’s an underlying lesson to be learned here: that certain of our connected devices are often less well protected than others, and that we would do well to begin to take their security seriously. As Sullivan pointed out, printers are often trusted by the devices they communicate with, meaning gaining control over a printer can sometimes be a stepping stone to infiltrating deeper into a person’s or organization’s network. “There’s no focus on the security of these devices we take for granted and we carry into secure environments every day,” said Stolfo.

That’s something to take seriously, even if the somewhat absurd image of a spontaneously combusting LaserJet was not.

Keep Reading

Most Popular

The inside story of how ChatGPT was built from the people who made it

Exclusive conversations that take us behind the scenes of a cultural phenomenon.

How Rust went from a side project to the world’s most-loved programming language

For decades, coders wrote critical systems in C and C++. Now they turn to Rust.

Design thinking was supposed to fix the world. Where did it go wrong?

An approach that promised to democratize design may have done the opposite.

Sam Altman invested $180 million into a company trying to delay death

Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.