It was an image so sensational it was destined to make headlines. “Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire?” asked MSNBC’s Bob Sullivan in November. That’s right: your seemingly harmless printer, sitting innocuously beside your desk, was a ticking time bomb.
The image was the result of a bit of white-hat hacking by researchers at Columbia University, who told Sullivan they’d discovered a “new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies.” The researchers, lead by Salvatore Stolfo, had uncovered the flaw, they said, in HP printers, and told HP about it a week before going public. Stolfo and another researcher named Ang Cui demonstrated how they could hijack a printer and cause it to heat up the device’s fuser–something that, if a thermal switch hadn’t kicked in, could theoretically have caused the thing to burst into flames. HP quickly fired back against what it called “inaccurate claims.” But the story, if not the printers, had already blown up.
Now the story comes full circle. Even if some of the reporting may have tended towards the sensational, HP did indeed have a security hole to plug. On Friday, they announced that they finally did so, building a firmware update. HP said it received “no customer reports of unauthorized access.” Even so, better safe than sorry. In a press release, HP also reiterated its suggestion to “follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”
So was it all much ado about nothing? Yes and no. It probably was unlikely that HP printers were ever going to burst into flames and burn down your house due to the malicious actions of a hacker across the world. But there’s an underlying lesson to be learned here: that certain of our connected devices are often less well protected than others, and that we would do well to begin to take their security seriously. As Sullivan pointed out, printers are often trusted by the devices they communicate with, meaning gaining control over a printer can sometimes be a stepping stone to infiltrating deeper into a person’s or organization’s network. “There’s no focus on the security of these devices we take for granted and we carry into secure environments every day,” said Stolfo.
That’s something to take seriously, even if the somewhat absurd image of a spontaneously combusting LaserJet was not.
DeepMind’s cofounder: Generative AI is just a phase. What’s next is interactive AI.
“This is a profound moment in the history of technology,” says Mustafa Suleyman.
What to know about this autumn’s covid vaccines
New variants will pose a challenge, but early signs suggest the shots will still boost antibody responses.
Human-plus-AI solutions mitigate security threats
With the right human oversight, emerging technologies like artificial intelligence can help keep business and customer data secure
Next slide, please: A brief history of the corporate presentation
From million-dollar slide shows to Steve Jobs’s introduction of the iPhone, a bit of show business never hurt plain old business.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.