Hackers Can Remotely Set HP Printers on Fire: Is Yours Vulnerable?
Do you own an HP printer? If so, it may be vulnerable to malware attacks. Researchers at Columbia University discovered that 25% of Hewlett-Packard printers have significant vulnerabilities that put your printer in danger from hackers—even your home.
With a budget of just $2,000, researchers Salvatore Stolfo and Ang Cui were able to hack into the printers using remote firmware to install malware, and in some cases even cause the printer to catch on fire.
The main issue is with the printer's cloud features, which allow it to remotely receive documents and emails. Hackers can potentially bypass your home or business's network security by going through cloud-enabled printers, which "don't have the firewalls and anti-viral software they have come to expect from their PC," according to one researcher. Because documents are cached before they are printed, hackers could potentially retrieve confidential data, run a DoS attack, or exploit vulnerabilities in the LAN network as a whole.
HP has been trying its best to combat the problem, releasing several dozen firmware updates in the process. However, only 1-2% of HP laser jet printers have been updated. In addition, one in four printers are still using the default passwords, making a hacker's job even easier.
Exacerbating the problem, the researchers also posited that it's not just HP printers that are at risk. A number of vulnerabilities they found in the operating system itself "makes the entire market a potential target."
So how can you protect yourself?
The easiest solution would be to simply not purchase a cloud-enabled printer. While it might seem like a convenient solution, it doesn't seem like the technology is anywhere near safe yet.
If you already own a cloud-enabled printer and plan on continuing to use it, make sure that you've downloaded and installed any firmware updates from the manufacturer. You can download the latest updates for HP printers here. Also make sure that you aren't using the default passwords (a good idea for any network device) that came with the printer. Disabling cloud features and keeping it off your network in general are also good steps to take if you plan on printing sensitive documents.