Researchers noticed vulnerability in HP's printer and pointed out the possibility of being ignited by remote control

ByDustball

According to researchers at Columbia University, some of the printers released by Hewlett-Packard have vulnerabilities remotely accessible by hackers. Experiments by researchers have pointed out that in addition to being able to steal personal information by access from the outside, there is a possibility that the fuser cartridge can be heated and ignited.

Exclusive: Millions of printers open to devastating hack attack, researchers say - Red Tape
http://redtape.nbcnews.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say


The research was carried out by Professor Salvatore Stolfo of Columbia University and graduate student Ang Cui,MSNBCA demonstration was held to install malware on HP's laser jet printer towards. Part of HP's printer can update the firmware without checking the digital signature, so there is a possibility that malicious software will be installed. The time required for rewriting the firmware is only 30 seconds, it is impossible to discover once a virus is installed in the printer. Although there is no vulnerability in laser jet printers and inkjet printers released after 2009, vulnerable printers are still being used in offices, etc. Stolfo says, "This is the key to locking It's like selling a car without selling it, which is extremely dangerous. "

In experiments on vulnerability to external access, Stolfo's demonstrated that they take over the computer and heat the fuser cartridge to burn the paper.

The actual demonstration can be seen from the following movie.

"Print Me if you Dare," Columbia University Intrusion Detection Systems Lab - YouTube


In the experiment, the safety function worked and the printer shut down, it did not lead to ignition, but if hackers use it, the printer not only becomes a tool of hacking but also there is a possibility of becoming an ignition device, MSNBC says I will. In addition, the following became brown and scorched Printer paper.


This is Salvatore Stolfo and Ang Cui who do research.


Researchers also demonstrated that they hacked computers and sent tax returns and important criminal documents. Using this vulnerability makes it impossible to use thousands of printers, or the computer willBotnetYou may be supposed to be complimented by.

National Vulnerability Database (NVD)According to a survey by Mr. Stolfo, the vulnerability related to further remote control has been revealed, but the official announcement of the research has not been done yet, he says "It is currently being prepared".

Initially, HP's company needs to check the digital signature when upgrading the firmware of HP's printers made after 2009, and in the case of inkjet printers, it is not possible to upgrade by remote operation from the very beginning, Although the printer through the wall had denied researchers' allegations because there was no vulnerability, I acknowledged that there was a security vulnerability later. However, to the point that the printer is ignited by hacking, "HP laser jet printer has a system called" thermal breaker ", which prevents the fuser cartridge from overheating and igniting. Just because there is vulnerability does not necessarily lead to firing. "