Exploding HP Printers Turn Out to Be Not So Explosive
It was an image so sensational it was destined to make headlines. “Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire?” asked MSNBC’s Bob Sullivan in November. That’s right: your seemingly harmless printer, sitting innocuously beside your desk, was a ticking time bomb.
The image was the result of a bit of white-hat hacking by researchers at Columbia University, who told Sullivan they’d discovered a “new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies.” The researchers, lead by Salvatore Stolfo, had uncovered the flaw, they said, in HP printers, and told HP about it a week before going public. Stolfo and another researcher named Ang Cui demonstrated how they could hijack a printer and cause it to heat up the device’s fuser–something that, if a thermal switch hadn’t kicked in, could theoretically have caused the thing to burst into flames. HP quickly fired back against what it called “inaccurate claims.” But the story, if not the printers, had already blown up.
Now the story comes full circle. Even if some of the reporting may have tended towards the sensational, HP did indeed have a security hole to plug. On Friday, they announced that they finally did so, building a firmware update. HP said it received “no customer reports of unauthorized access.” Even so, better safe than sorry. In a press release, HP also reiterated its suggestion to “follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”
So was it all much ado about nothing? Yes and no. It probably was unlikely that HP printers were ever going to burst into flames and burn down your house due to the malicious actions of a hacker across the world. But there’s an underlying lesson to be learned here: that certain of our connected devices are often less well protected than others, and that we would do well to begin to take their security seriously. As Sullivan pointed out, printers are often trusted by the devices they communicate with, meaning gaining control over a printer can sometimes be a stepping stone to infiltrating deeper into a person’s or organization’s network. “There’s no focus on the security of these devices we take for granted and we carry into secure environments every day,” said Stolfo.
That’s something to take seriously, even if the somewhat absurd image of a spontaneously combusting LaserJet was not.
Keep Reading
Most Popular

Meta has built a massive new language AI—and it’s giving it away for free
Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3

The gene-edited pig heart given to a dying patient was infected with a pig virus
The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging
The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun has a bold new vision for the future of AI
One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.
Stay connected

Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.