HP Closes Firmware Flaw, Says No Reports of Exploits
Just before Christmas, Hewlett-Packard released a firmware update on its Website for some of its HP LaserJet printers to mitigate an issue in how the printers could be upgraded remotely. HP also said that not a single customer had reported any instances of unauthorized access to its printers.
In late November, researchers from Columbia University claimed the upgrade process for some HP laser printers was vulnerable and could result in printers being compromised as part of a larger attack. The researchers claimed the attackers could cause the printers to overheat and possibly catch fire. HP said at the time the reports of printers on fire were "sensational and inaccurate," but acknowledged the vulnerability existed.
There are still no such reports, a month after the initial research had been publicized, according to HP.
However, printers should still be secured by deploying them behind a firewall and disabling the ability to remotely upload firmware on exposed printers whenever possible, the company recommended.