HP LaserJet Firmware Update Mitigates Security Problems - gHacks Tech News

HP LaserJet Firmware Update Mitigates Security Problems

HP has released firmware updates for some of its LaserJet printer models that aims to mitigate a security vulnerability discovered in November.

Researchers at Columbia University discovered that some HP LaserJet printers can be manipulated into accepting a modified firmware. The modified firmware can then be used to steal information, run network attacks or even cause physical damage to the printer.

The vulnerability can be exploited remotely if printers supporting the remote firmware update process are not properly protected by firewalls. Local attacks are another possibility.

Consult Researchers Find Security Vulnerability In Printers for additional information about the vulnerability.

A press release issued by HP on December 23 confirms the availability of firmware updates that mitigate the security vulnerability. HP LaserJet printer owners are asked to visit the HP Support website to download the firmware updates to their systems. Here they need to select Drivers & Software, enter the product name or number into the form and select the product from the listing to be taken to a page where they can download the latest printer firmware for that model.

HP is furthermore offering security guidance for imaging and printing on this web page.

The press release provides no details on the changes made by HP or on the printer models firmware updates have been released for. HP stated however that the company is communicating the availability of firmware updates "proactively to customers and partners". It is however not clear at the time of writing how update news are communicated to HP's customer base. The HP website for one is not listing the firmware update on the main page, nor on the support start page.

No customer of affected printers has reported unauthorized access to HP, according to the press release.

HP LaserJet users should seek out the HP Support page to find out if a firmware update is available for their printer. The firmware should be installed as soon as possible to protect the printer from the vulnerability.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. DanTe said on December 26, 2011 at 9:25 pm
      Reply

      Thanks for the update. Since I don’t register my products for spam, I don’t know about these things until some news site reports it. Thanks again.

    2. Jojo said on December 26, 2011 at 9:25 pm
      Reply

      Was HP the ONLY printer manufacturer with this exposure?

    3. velociraptor said on December 26, 2011 at 10:03 pm
      Reply

      HP is the Wworst Manufacturer in the world , Please stay away

    4. ilev said on December 27, 2011 at 9:22 am
      Reply

      Remember that HP, at first, denied that such a vulnerability exists ?

      HP Refutes Inaccurate Claims; Clarifies on Printer Security

      HP today issued the following statement:

      Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false.

      HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability…..

      http://www.hp.com/hpinfo/newsroom/press/2011/111129b.html

      1. Martin Brinkmann said on December 27, 2011 at 10:54 am
        Reply

        Begs to question why they had to release a firmware update then.

        1. ilev said on December 27, 2011 at 7:21 pm
          Reply

          Later HP has acknowledged that there are security risks in HP’s laser printers :-)

          On Nov. 29, HP announced that the potential existed for a
          certain type of unauthorized access to some HP LaserJet
          printers and confirmed it has received no customer reports
          of unauthorized access.

    5. Carla said on December 29, 2011 at 2:24 pm
      Reply

      I received a promp to download this software on Dec 27th 2011. I did so. One was HPU software utility, the other was the “critical update to correct a PC to Printer Communication Issue.” The 2nd item was still “installing” after an hour and seemed hung. I cxlld the install, but my printer and PC which previously worked had stopped communicating. I restarted my computer and got….the blank “HP screen.” Windows XP would not start. Finally a friend helped me restart but I had to disconnect both printers to do so. Also an awful noise was emitted from my tower. Anyone experience this problem?

    6. rahul said on February 3, 2012 at 5:07 am
      Reply

      i am stuck with my printer’s bad ink performance, any suggestions for gud printer

    7. Pozycjonowanie Kielce said on February 17, 2012 at 2:20 pm
      Reply

      Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! However, how can we communicate?

    Leave a Reply