Hackers arent just a threat to your digital life any more. By taking control of your printer, they could potentially burn your house down from the other side of the globe, MSNBC reports.
The security flaw was discovered by researchers Salvatore Stolfo and Ang Cui at Columbia University, and so far its only been identified in HP LaserJet printers, although they suggest that it could exist in other brands, too. The problem comes from the embedded systems inside the printers, which are basically small computers that are even connected to the internet. Even though todays printers are full-fledged devices connected to the internet, not much thought goes into making them secure.
By hacking into the computer and overloading it with instructions that heat up the fuser – a part of the printer that helps dry the ink – the researchers made the paper in the printer blacken and smoke. In another demo, a thermal switch shut down the printer, causing it to burst into flames.
Before beginning a print job, HPs printers check for firmware updates and download them if theyre available. The only problem is that they dont discriminate if the update is coming from Palo Alto or an Eastern European hackers den. The only way that hackers can take over printers that arent connected to the internet is to trick the user into trying to print a document containing a virus. The real threat comes from printers with internet connectivity, something thats becoming more and more common in todays mobile world.
In that case, it takes about 30 seconds to rewrite the printers firmware, replacing it with a virus that is all but undetectable. The hackers dont even need to dupe unwitting users into installing malware. It takes care of itself.
The virus embeds itself so deep into the printer that the only way to detect it would be to remove the computer chips from the printer and run manual tests. “First of all, how the hell doesnt HP have a signature or certificate indicating that new firmware is real firmware from HP?” asked Mikko Hypponen, F-Secures head of research. According to HP, they do.
Keith Moore, the chief technologist at HPs printer division, said that while HP “takes this very seriously,” all of HPs newer printers do require digitally signed firmware updates, and that they have since 2009. He also said that the impact from the vulnerability would be limited, since it only affects LaserJet printers, while most people have InkJet printers in their home.
Its about time that companies started taking security a bit more seriously. Today, everything from our refrigerators to our cars have embedded systems inside them, and theyre just as much at risk as our desktops. And, as you can see, these vulnerabilities have very real consequences. If the idea of hackers cleaning out your bank account scares you, think about them destroying everything you own. Weve contacted HP for comment but have yet to recieve a reply.
Image courtesy of MSNBC