Friday, December 23rd 2011
Three weeks ago, we brought you news that researchers had apparently found serious vulnerabilities in the firmware of HP printers that can allow hackers to cause the fuser to overheat and almost make the paper inside catch fire. HP dismissed these claims as exaggerated, but said that they would look into it. Three days later, we reported that some enterprising New Yorker called David Goldblatt sued HP, alleging that he would not have bought their printers had he known about this problem beforehand, which seems a bit unlikely when you consider that HP is the number one printer brand by a mile. Now HP have released patches for these vulnerabilities and issued the following press release:
On Nov. 29, HP announced that the potential existed for a certain type of unauthorized access to some HP LaserJet printers and confirmed it has received no customer reports of unauthorized access. HP today issued the following statement:It will be interesting to see if Goldblatt's opportunistic lawsuit now continues, given that the flaws are easily fixed with a patch and the printers should be sitting behind a firewall anyway. Somehow, it looks like Goldblatt's opportunity has vanished as quickly as one can say "update".
HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP. HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.
The firmware update can be found at www.hp.com/support and selecting Drivers.
Additional printer security information is available at www.hp.com/go/secureprinting.