A group of researchers at Columbia University has identified a dangerous security hole that could pose a serious threat to the security of printers leading, in some cases, a dangerous overheating of the device could also catch fire.
The security flaw, if properly exploited, could allow an attacker to compromise a printer to get hold of confidential information and to physically damage the device by issuing commands that are intended to overheat and ignite the elements of printer paper in it content, it is possible to exploit this flaw because the printer firmware are gradually acquiring a number of features, without the progress made with regard to their safety. To update the firmware of their printers many companies use a mechanism of “Remote firmware update” not digitally signed, which means that the update may be sent by anyone, since the printer does not have any system that can authenticate the update .
Using some of the HP Laserjet Series: sending a remote command to the laser printer was possible to heat the fuser (the element used to incinerate the toner powder on the paper) to the point where the paper has started to darken and emit smoke. At this point, the temperature sensor in the printer switched off the device, thus preventing the onset of a fire. The problem however is not limited to HP printers, it can affect the solutions of all the producers in this market and with a greater degree of risk models that are not equipped with temperature drivers sensors.
“Researchers have shown, however, the ability to reprogram the firmware of the printer using Mac OS X and Linux machines, but it is unclear whether this is possible even on Windows systems.”The attack can be done remotely, especially if the printer supports printing capabilities of cloud and is therefore accessible from any part of the network.
The researchers performed a quick scan of the network in minutes and have identified 40 000 printers accessible. The actual number of vulnerable machines, however, could be much higher.
Since the printer is a key element in managing the flow of documents produced by a company, it is easy to understand that unauthorized access to this device can allow you to steal confidential documents and sensitive information.
Was right not to provide gateway and dns to the printer.
Honestly, it is also the first time I’ve heard of firmware for printers.
Download Smart Driver Updater the best software for your PC