Skip to Content

Exploding HP Printers Turn Out to Be Not So Explosive

Reports of the printers’ fiery deaths were greatly exaggerated.
December 28, 2011

It was an image so sensational it was destined to make headlines. “Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire?” asked MSNBC’s Bob Sullivan in November. That’s right: your seemingly harmless printer, sitting innocuously beside your desk, was a ticking time bomb.

The image was the result of a bit of white-hat hacking by researchers at Columbia University, who told Sullivan they’d discovered a “new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies.” The researchers, lead by Salvatore Stolfo, had uncovered the flaw, they said, in HP printers, and told HP about it a week before going public. Stolfo and another researcher named Ang Cui demonstrated how they could hijack a printer and cause it to heat up the device’s fuser–something that, if a thermal switch hadn’t kicked in, could theoretically have caused the thing to burst into flames. HP quickly fired back against what it called “inaccurate claims.” But the story, if not the printers, had already blown up.

Now the story comes full circle. Even if some of the reporting may have tended towards the sensational, HP did indeed have a security hole to plug. On Friday, they announced that they finally did so, building a firmware update. HP said it received “no customer reports of unauthorized access.” Even so, better safe than sorry. In a press release, HP also reiterated its suggestion to “follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”

So was it all much ado about nothing? Yes and no. It probably was unlikely that HP printers were ever going to burst into flames and burn down your house due to the malicious actions of a hacker across the world. But there’s an underlying lesson to be learned here: that certain of our connected devices are often less well protected than others, and that we would do well to begin to take their security seriously. As Sullivan pointed out, printers are often trusted by the devices they communicate with, meaning gaining control over a printer can sometimes be a stepping stone to infiltrating deeper into a person’s or organization’s network. “There’s no focus on the security of these devices we take for granted and we carry into secure environments every day,” said Stolfo.

That’s something to take seriously, even if the somewhat absurd image of a spontaneously combusting LaserJet was not.

Keep Reading

Most Popular

A view of clouds illuminated by sunlight
A view of clouds illuminated by sunlight

We can’t afford to stop solar geoengineering research

It is the wrong time to take this strategy for combating climate change off the table.

conceptual illustration showing various women's faces being scanned
conceptual illustration showing various women's faces being scanned

A horrifying new AI app swaps women into porn videos with a click

Deepfake researchers have long feared the day this would arrive.

Death and Jeff Bezos
Death and Jeff Bezos

Meet Altos Labs, Silicon Valley’s latest wild bet on living forever

Funders of a deep-pocketed new "rejuvenation" startup are said to include Jeff Bezos and Yuri Milner.

ai learning to multitask concept
ai learning to multitask concept

Meta’s new learning algorithm can teach AI to multi-task

The single technique for teaching neural networks multiple skills is a step towards general-purpose AI.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.