HP has issued a statement denying a report on MSNBC which claimed hackers could remotely control millions of HP Laserjet printers and even give it instructions which would cause the printer to catch on fire.
The MSNBC report quoted researchers at Columbia University who claimed the printers were "completely open and available to be exploited.”
The researchers say they have reverse engineered the printers firmware and have figured out how to remotely update the software with potentially malicious instructions.
In one demonstration, the Columbia researchers showed MSNBC how a hijacked computer could be given instructions that would continuously heat up the printer’s fuser – which is designed to dry the ink once it’s applied to paper – eventually causing the paper to turn brown and smoke.
MSNBC admits the demonstration of a thermal switch shutdown did not actually cause a fire but the researchers said other printers could be used as fire starters.
HP has called the report "sensational and inaccurate" saying "Speculation regarding potential for devices to catch fire due to a firmware change is false."
According to the company, LaserJet printers have a hardware element called a "thermal breaker" that is designed to prevent the fuser from overheating or causing a fire. This breaker, says HP, cannot be overcome by a firmware change or this proposed vulnerability.
The company acknowledges a potential security vulnerability exists with some HP LaserJet printers, however, no customer has reported unauthorized access. HP says the vulnerability only exists if the printer is placed on a public internet without a firewall. In a private network, the printers are only vulnerable if a malicious attack is made by a trusted party on the network.
HP says it is building a firmware upgrade to fix the problem.
Discuss in Digital Home's Computing forum .