HP LaserJet printer vulnerability: what you need to know – The Verge The Verge is about technology and how it makes us feel. Founded in 2011, we offer our audience everything from breaking news to reviews to award-winning features and investigations, on our site, in video, and in podcasts. 2011-12-24T20:18:01+00:00 https://www.theverge.com/rss/stream/2361011 https://platform.theverge.com/wp-content/uploads/sites/2/2025/01/verge-rss-large_80b47e.png?w=150&h=150&crop=1 Chris Welch <![CDATA[HP releases firmware fix for laserjet printer exploit]]> https://www.theverge.com/2011/12/24/2659385/hp-firmware-fix-laserjet-vulnerability 2011-12-24T15:18:01-05:00 2011-12-24T15:18:01-05:00
HP LaserJet

Give HP kudos for timeliness: less than a month after Columbia University researchers shared a worrisome lack of security surrounding firmware updates on the company's line of laserjet printers, a fix is now available for affected models. If you'll recall, Ang Cui and Salvatore Stolfo made headlines by revealing that attaching a virus to a print job on a vulnerable device could provide full access to an intruder, allowing sensitive content to be intercepted and even giving those with the most malicious of intent a way to overheat the fuser within. For its part, HP steadfastly denied the possibility of fire or an explosion, assuring consumers …

Read the full story at The Verge.

]]> Thomas Ricker <![CDATA[HP confirms LaserJet vulnerability, promises firmware fix]]> https://www.theverge.com/2011/11/29/2596863/hp-confirms-laserjet-vulnerability-firmware-fix-in-development 2011-11-29T15:36:34-05:00 2011-11-29T15:36:34-05:00
HP LaserJet

HP just issued a statement saying it "refutes inaccurate claims" made in today's MSNBC report detailing a vulnerability in LaserJet printers that was exploited by Columbia University researchers Ang Cui and Salvatore Stolfo. HP confirms that there's a potential vulnerability in LaserJet printers and promises a firmware update to "mitigate" the issues, but the company also says that "no customer has reported unauthorized access" and that it's not possible to set a fire by exploiting the vulnerability because of the printer's thermal control hardware.

What's more, while HP says it's possible for a specially formatted print job from Linux of M …

Read the full story at The Verge.

]]> Thomas Ricker <![CDATA[HP LaserJet printers pose massive security risk, say Columbia University researchers]]> https://www.theverge.com/2011/11/29/2595691/hp-laserjet-printers-pose-massive-security-risk-say-columbia 2011-11-29T07:31:12-05:00 2011-11-29T07:31:12-05:00
HP laserjet

MSNBC is reporting a security flaw that could affect millions of HP LaserJet printers. According to Ang Cui and Salvatore Stolfo of Columbia University, the issue stems from the fact that the HP LaserJet printers tested do not require a signature or certificate to identify the source of remote software updates. Knowing this, Cui and Stolfo are able to exploit the fact that every time a LaserJet accepts a new job it checks for an included software update.

One demonstration by the duo involved infecting a printer through a virus-laden print job. A tax return sent to the infected printer was then surreptitiously forwarded to a remote computer po …

Read the full story at The Verge.

]]>