Linked by Howard Fosdick on Sat 31st Dec 2011 07:57 UTC
Bugs & Viruses Columbia University researchers claim millions of HP printers could be open to remote attack via unsecured Remote Firmware Updates. Cybercriminals could steal personal information or attack otherwise secure networks. HP agrees there is a theoretical security problem but says no customer has ever reported unauthorized printer access. The company denies some of the claims and is still investigating others.
Permalink for comment 501766
To read all comments associated with this story, please click here.
Surprised ?
by Lennie on Sat 31st Dec 2011 09:35 UTC
Lennie
Member since:
2007-09-22

The questionmark in the article title make it seem Howard was surprised.

A printer is a network connected computer like many other devices and people don't update their firmware. So what else do you expect ?

Here some presentations on other security problems with printers:

http://www.youtube.com/watch?v=GZgLX60U3sY#t=3m40s
( ShmooCon 2011: Printers Gone Wild! )

http://www.youtube.com/watch?v=MPhisPLwm2A
( ShmooCon 2011: Printer to PWND: Leveraging Multifunction Printers During Penetration Testing )

An other example is that many of these devices have a webinterface. Why is that a problem ? Well it is just as much a problem as a webinterface on your router.

A website on the Internet could include an image with a URL pointing at your router or printer which tries to change settings on that device. It is very common.

Many routers on sale right now have already fixed their problems. It will take years before printers will get fixed.

Reply Score: 7