Columbia University professor Salvatore Stolfo warns of a potential security issue with HP printers (and quite possibly other brands as well). Stolfo, while doing research with his Ph.D student Ang Cui, discovered most HP laser printers allow unsigned remote firmware updates, meaning anyone can upgrade the printer’s internal software without it verifying the update comes from a legitimate source. With the rise in popularity of “cloud printing” (as HP is marketing it as heavily), these printers are exposed to the internet, making them easy targets for an attack. In a demonstration, Stolfo sent commands to one printer that caused its fuser to heat up until the paper inside turned brown and began smoking. A temperature sensor in the printer tripped, shutting it off before it could catch fire, but Stolfo suggests that many printers don’t have such sensors in them, making it possible for hackers to start fires in some scenarios.
Understandably, HP isn’t happy about the findings. They argue that all HP printers built after 2009 adopted digital signing and further argue they don’t believe it’s possible for malicious code to be sent to an HP printer using Microsoft Windows. (They admit, however, that it may be possible using Linux or an Apple Mac.) Researchers counter that as late as September, 2011, they’ve could find HP products on store shelves that accept the unsigned updates.
A true fix for this security flaw requires updating all the legacy printers with firmware requiring signed updates; a major undertaking that manufacturers aren’t likely to tackle. Researchers claim they were able to find 40,000 vulnerable printers shared over the internet in a matter of only minutes, but even printers only shared on local area networks are potentially at risk of such attacks by way of a virus or spyware. Stolfo says, “Printers that are 3-, 4-, 5-years-old and older, I’d think, all used unsigned software. The question is, ‘How many of those printers are out there?’ It could be much more than 100 million.”
Any embedded OS can be hacked, this isn’t anything new. Jailbreaking/rooting a phone is generally exploiting a flaw in the OS that allows you to install/execute unsigned code on it, same thing goes for putting different firmware on a router/NAS unit or other embedded device.