HP LaserJet Firmware Update Mitigates Security Problems
HP has released firmware updates for some of its LaserJet printer models that aims to mitigate a security vulnerability discovered in November.
Researchers at Columbia University discovered that some HP LaserJet printers can be manipulated into accepting a modified firmware. The modified firmware can then be used to steal information, run network attacks or even cause physical damage to the printer.
The vulnerability can be exploited remotely if printers supporting the remote firmware update process are not properly protected by firewalls. Local attacks are another possibility.
Consult Researchers Find Security Vulnerability In Printers for additional information about the vulnerability.
A press release issued by HP on December 23 confirms the availability of firmware updates that mitigate the security vulnerability. HP LaserJet printer owners are asked to visit the HP Support website to download the firmware updates to their systems. Here they need to select Drivers & Software, enter the product name or number into the form and select the product from the listing to be taken to a page where they can download the latest printer firmware for that model.
HP is furthermore offering security guidance for imaging and printing on this web page.
The press release provides no details on the changes made by HP or on the printer models firmware updates have been released for. HP stated however that the company is communicating the availability of firmware updates "proactively to customers and partners". It is however not clear at the time of writing how update news are communicated to HP's customer base. The HP website for one is not listing the firmware update on the main page, nor on the support start page.
No customer of affected printers has reported unauthorized access to HP, according to the press release.
HP LaserJet users should seek out the HP Support page to find out if a firmware update is available for their printer. The firmware should be installed as soon as possible to protect the printer from the vulnerability.
Advertisement
Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! However, how can we communicate?
i am stuck with my printer’s bad ink performance, any suggestions for gud printer
I received a promp to download this software on Dec 27th 2011. I did so. One was HPU software utility, the other was the “critical update to correct a PC to Printer Communication Issue.” The 2nd item was still “installing” after an hour and seemed hung. I cxlld the install, but my printer and PC which previously worked had stopped communicating. I restarted my computer and got….the blank “HP screen.” Windows XP would not start. Finally a friend helped me restart but I had to disconnect both printers to do so. Also an awful noise was emitted from my tower. Anyone experience this problem?
Remember that HP, at first, denied that such a vulnerability exists ?
HP Refutes Inaccurate Claims; Clarifies on Printer Security
HP today issued the following statement:
Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false.
HP LaserJet printers have a hardware element called a “thermal breaker†that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability…..
http://www.hp.com/hpinfo/newsroom/press/2011/111129b.html
Begs to question why they had to release a firmware update then.
Later HP has acknowledged that there are security risks in HP’s laser printers :-)
On Nov. 29, HP announced that the potential existed for a
certain type of unauthorized access to some HP LaserJet
printers and confirmed it has received no customer reports
of unauthorized access.
HP is the Wworst Manufacturer in the world , Please stay away
Was HP the ONLY printer manufacturer with this exposure?
Thanks for the update. Since I don’t register my products for spam, I don’t know about these things until some news site reports it. Thanks again.