Sci & Tech

HP refutes printer security flaw claims   2011-11-30 08:00:51 FeedbackPrintRSS

SAN FRANCISCO, Nov. 29 (Xinhua) -- Hewlett-Packard (HP) on Tuesday issued a statement to refute some security flaw claims on its LaserJet printers.

"Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false," HP said in the statement.

Tech blog "The Red Tape Chronicle" reported earlier Tuesday that researchers from Columbia University found that a feature named "remote firmware update" on HP's Internet-connected LaserJet printers could allow hackers take control of the device by installing malicious software, and even manage the printer to catch fire.

In the statement, HP said that its LaserJet printers have a hardware element called "thermal breaker" that is designed to prevent a part of the device from overheating or causing a fire, noting that it cannot be overcome by a firmware change as it was reported.

The Palo Alto, California-based company said that the specific vulnerability exists for some HP LaserJet printers it placed on a public Internet without a firewall. It conceded that on Apple's Mac computers and PCs running Linux system, it is possible for a specially formatted corrupt print job to trigger a firmware upgrade.

The company said that it is building a firmware upgrade to mitigate the issue and suggested consumers could place printers behind a firewall and disable remote firmware upload on exposed printers.

Researchers said in the earlier report that they believed the flaw is not limited to HP printers and millions of printers around the world could be vulnerable to hack attacks.

Editor: Chen Zhi
Related News
Home >> Sci & Tech Feedback Print RSS