James Delahunty
30 Nov 2011 5:28
HP denies sensationalist and inaccurate reports.
HP is currently working on a potential security vulnerability that affects some of its LaserJet printers. The consumer electronics firm noticed some sensationalist reports had surfaced in the media, suggesting that this vulnerability could let hackers alter the firmware of a printer in such a way that it could cause a fire.
"Speculation regarding potential for devices to catch fire due to a firmware change is false," HP said. "HP LaserJet printers have a hardware element called a 'thermal breaker' that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability."
The vulnerability being investigated by HP could let users on a private network modify the device firmware. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade.
HP is working on a fix for the issue, and in the meantime, suggests that customers and partners follow basic practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.