Friday, December 23rd 2011

HP Printer Firmware Vulnerability Fixed: Opportunistic Lawsuit's Lost Opportunity?

Three weeks ago, we brought you news that researchers had apparently found serious vulnerabilities in the firmware of HP printers that can allow hackers to cause the fuser to overheat and almost make the paper inside catch fire. HP dismissed these claims as exaggerated, but said that they would look into it. Three days later, we reported that some enterprising New Yorker called David Goldblatt sued HP, alleging that he would not have bought their printers had he known about this problem beforehand, which seems a bit unlikely when you consider that HP is the number one printer brand by a mile. Now HP have released patches for these vulnerabilities and issued the following press release:

On Nov. 29, HP announced that the potential existed for a certain type of unauthorized access to some HP LaserJet printers and confirmed it has received no customer reports of unauthorized access. HP today issued the following statement:

HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP. HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.

The firmware update can be found at www.hp.com/support and selecting Drivers.

Additional printer security information is available at www.hp.com/go/secureprinting.
It will be interesting to see if Goldblatt's opportunistic lawsuit now continues, given that the flaws are easily fixed with a patch and the printers should be sitting behind a firewall anyway. Somehow, it looks like Goldblatt's opportunity has vanished as quickly as one can say "update".
Add your own comment

5 Comments on HP Printer Firmware Vulnerability Fixed: Opportunistic Lawsuit's Lost Opportunity?

#1
newtekie1
Semi-Retired Folder
I like how the guy's lawsuit claims the printers can be hacked and compromise an "otherwise secure" network. But the hack requires a compromised computer, or at least a computer to download the compromised firmware and install it on the printers or it requires the printer be directly connected to the internet with a public IP. Both cases would mean the network is not "otherwise secure".
Posted on Reply
#2
qubit
Overclocked quantum bit
Yeah, brilliant, isn't it? :laugh: I wonder how much dough this lawsuit is gonna cost Mr Goldblatt?
Posted on Reply
#3
phanbuey
its funny if you know what blatt means in russian.
Posted on Reply
#4
Velvet Wafer
Its funny, as everyone knows that Goldblatt is a jewish name, derived from German... this Jew here wasnt rich enough it seems, so he filed a nice new Lawsuit against HP :laugh:

Phanbuey, i think you dont mean "Blatt", but rather "Bled" ;)
Posted on Reply
#5
CrAsHnBuRnXp
by: phanbuey
its funny if you know what blatt means in russian.
by: Velvet Wafer
Its funny, as everyone knows that Goldblatt is a jewish name, derived from German... this Jew here wasnt rich enough it seems, so he filed a nice new Lawsuit against HP :laugh:

Phanbuey, i think you dont mean "Blatt", but rather "Bled" ;)
"Blatt" means nothing. "Bled" however, means "pale."
Posted on Reply