Linked by Howard Fosdick on Sat 31st Dec 2011 07:57 UTC
Bugs & Viruses Columbia University researchers claim millions of HP printers could be open to remote attack via unsecured Remote Firmware Updates. Cybercriminals could steal personal information or attack otherwise secure networks. HP agrees there is a theoretical security problem but says no customer has ever reported unauthorized printer access. The company denies some of the claims and is still investigating others.
Permalink for comment 501815
To read all comments associated with this story, please click here.
I spotted this a few months ago...
by rklrkl on Sun 1st Jan 2012 10:35 UTC
rklrkl
Member since:
2005-07-06

I submitted a posting to Slashdot a few months back that basically got ignored - HP printers have a Web interface on them that many places (especially academic institutions it seems) actually put on the *public internet* with no password protection or anything!

There is a simple Google search that scarily finds literally millions of them all around the world. Whilst the Web interface doesn't let you erase firmware, you can certainly change the printer config, print test pages etc.

BTW, how many people ever upgrade the firmware on their laser printer? Probably a tiny percentage I suspect, so HP's release of a firmware fix (which probably won't solve the issue of many HP printers being publicly available on the Net without a password) will probably help with new models purchased and not existing ones already out there.

Edited 2012-01-01 10:40 UTC

Reply Score: 4