HP Printer Firmware Vulnerability Fixed: Opportunistic Lawsuit's Lost Opportunity?

qubit · Dec 23, 2011, 10:04 PM

Three weeks ago, we brought you news that researchers had apparently found serious vulnerabilities in the firmware of HP printers that can allow hackers to cause the fuser to overheat and almost make the paper inside catch fire. HP dismissed these claims as exaggerated, but said that they would look into it. Three days later, we reported that some enterprising New Yorker called David Goldblatt sued HP, alleging that he would not have bought their printers had he known about this problem beforehand, which seems a bit unlikely when you consider that HP is the number one printer brand by a mile. Now HP have released patches for these vulnerabilities and issued the following press release:

Quote:

On Nov. 29, HP announced that the potential existed for a certain type of unauthorized access to some HP LaserJet printers and confirmed it has received no customer reports of unauthorized access. HP today issued the following statement:

HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP. HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.

The firmware update can be found at www.hp.com/support and selecting Drivers.

Additional printer security information is available at www.hp.com/go/secureprinting.

It will be interesting to see if Goldblatt's opportunistic lawsuit now continues, given that the flaws are easily fixed with a patch and the printers should be sitting behind a firewall anyway. Somehow, it looks like Goldblatt's opportunity has vanished as quickly as one can say "update".

newtekie1 · Dec 23, 2011, 10:24 PM

I like how the guy's lawsuit claims the printers can be hacked and compromise an "otherwise secure" network. But the hack requires a compromised computer, or at least a computer to download the compromised firmware and install it on the printers or it requires the printer be directly connected to the internet with a public IP. Both cases would mean the network is not "otherwise secure".

qubit · Dec 23, 2011, 10:26 PM

Yeah, brilliant, isn't it?

I wonder how much dough this lawsuit is gonna cost Mr Goldblatt?

phanbuey · Dec 24, 2011, 06:08 AM

its funny if you know what blatt means in russian.

Velvet Wafer · Dec 24, 2011, 12:41 PM

Its funny, as everyone knows that Goldblatt is a jewish name, derived from German... this Jew here wasnt rich enough it seems, so he filed a nice new Lawsuit against HP

Phanbuey, i think you dont mean "Blatt", but rather "Bled"

CrAsHnBuRnXp · Dec 25, 2011, 11:38 PM

Quote:

Originally Posted by phanbuey

its funny if you know what blatt means in russian.

Quote:

Originally Posted by Velvet Wafer

Its funny, as everyone knows that Goldblatt is a jewish name, derived from German... this Jew here wasnt rich enough it seems, so he filed a nice new Lawsuit against HP

Phanbuey, i think you dont mean "Blatt", but rather "Bled"

"Blatt" means nothing. "Bled" however, means "pale."

System Name:	Quantumville™
Processor:	Intel Core i7-2700K at 4.7GHz (hits 5 gees+ easily)
Motherboard:	Asus P8Z68-V PRO/GEN3
Cooling:	Noctua NH-D14
Memory:	16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card:	EVGA GTX 590 Classified
Hard Disk:	WD Caviar Black 640GB / WD Caviar Green 2TB x2 in mobo RAID 1
Optical Drive:	Whatever DVD drive I've chucked in there right now
CRT/LCD Model:	Asus VG278HE (144Hz, 3D Vision 2, 1080p, 27") & LG W2363D (120Hz 1080p 23")
Case:	Coolermaster HAF 922
Sound Card:	SoundBlaster X-Fi ExtremeMusic (You ever heard one of these? Wow!)
PSU:	Corsair HX850W
Software:	Window 7 Ultimate 64-bit
Benchmarks:	Yes

Dec 23, 2011, 10:24 PM	#2
newtekie1 Semi-Retired Folder Join Date: Nov 2005 Location: Indiana Posts: 17,903 (6.47/day) Thanks: 785 Thanked 5,185 Times in 3,754 Posts System Specs	I like how the guy's lawsuit claims the printers can be hacked and compromise an "otherwise secure" network. But the hack requires a compromised computer, or at least a computer to download the compromised firmware and install it on the printers or it requires the printer be directly connected to the internet with a public IP. Both cases would mean the network is not "otherwise secure". __________________ Rig1: System Specs. Rig2: A8-5600K@4.4GHz / AsRock FM2A75 Pro4 / 8GB Corsair DDR3-1600 9-9-9-24 / HD7560D / Samsung DVD-Burner / 1.5TB WD Green + 3x3TB WD RED in RAID5 Rig3: Athlon X2 4200+ / M4A79 Deluxe / 4GB G.Skill Pi DDR2-800 4-4-4-12 / GT430 / Sony DVD-Burner / 500GB WD Rig4: Phenom II x6 1605T @ 3.6GHz / Asus M5A99X Evo / 8GB PNY DDR3-1600 9-9-9 / GTX470 & GTX470 / Samsung DVD-Burner / 1.5TB Seagate

Processor:	Intel Core i7 875K@4.0GHz(200x20)
Motherboard:	eVGA P55 FTW 200
Cooling:	Thermalright Ultra-120 Extreme w/ Corsair SP120 High Performance Edition
Memory:	8GB Corsair DDR3-1600 7-7-7-20
Video Card:	ASUS GTX 670 4GB DirectCU II @ 1015/3600
Hard Disk:	1TB Seagate 7200.12(OS), 3x 1.5TB Seagate 7200.11 in RAID 5
Optical Drive:	Lite-On Blu-Ray Combo Drive IHES108
CRT/LCD Model:	HP 25" 2509m 1080p LCD
Case:	Lian-Li Lancool Metal Boned K7 w/ Windowed Side Panel
Sound Card:	Onboard is good enough for me
PSU:	Corsair HX850
Software:	Windows 7 x64 Professional

Dec 23, 2011, 10:26 PM	#3
qubit Overclocked quantum bit Join Date: Dec 2007 Location: Quantumville UK Posts: 8,719 (4.31/day) Thanks: 4,216 Thanked 3,334 Times in 1,970 Posts System Specs	Yeah, brilliant, isn't it? I wonder how much dough this lawsuit is gonna cost Mr Goldblatt? __________________ Siggie in the post.

System Name:	Quantumville™
Processor:	Intel Core i7-2700K at 4.7GHz (hits 5 gees+ easily)
Motherboard:	Asus P8Z68-V PRO/GEN3
Cooling:	Noctua NH-D14
Memory:	16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card:	EVGA GTX 590 Classified
Hard Disk:	WD Caviar Black 640GB / WD Caviar Green 2TB x2 in mobo RAID 1
Optical Drive:	Whatever DVD drive I've chucked in there right now
CRT/LCD Model:	Asus VG278HE (144Hz, 3D Vision 2, 1080p, 27") & LG W2363D (120Hz 1080p 23")
Case:	Coolermaster HAF 922
Sound Card:	SoundBlaster X-Fi ExtremeMusic (You ever heard one of these? Wow!)
PSU:	Corsair HX850W
Software:	Window 7 Ultimate 64-bit
Benchmarks:	Yes

Dec 24, 2011, 06:08 AM	#4
phanbuey Eligible for custom title Join Date: Nov 2007 Location: Miami Posts: 5,011 (2.45/day) Thanks: 1,484 Thanked 960 Times in 813 Posts System Specs	its funny if you know what blatt means in russian.

System Name:	LoLBoX
Processor:	Core i5 750 at 3.33 Ghz 21x159bclk @1.15v
Motherboard:	Gigabyte H55-ITX
Cooling:	Corsair H50
Memory:	8GB Samsung ECO 4GBx2 - 1590Mhz 8-8-8-21 1T @ 1.4v
Video Card:	EVGA GTX 570 @ 785/1570/2020
Hard Disk:	500GB WD Caviar Black 32MB
Optical Drive:	Slimline +/- DVD-RW
CRT/LCD Model:	22" Viewsonic 1080P LED
Case:	Silverstone SG08
Sound Card:	Yes
PSU:	Silverstone SG08 600W
Software:	Windows 7 64 Bit

Dec 24, 2011, 12:41 PM	#5
Velvet Wafer Join Date: Jun 2009 Location: North of Germany Posts: 3,849 (2.63/day) Thanks: 2,288 Thanked 1,026 Times in 839 Posts System Specs	Its funny, as everyone knows that Goldblatt is a jewish name, derived from German... this Jew here wasnt rich enough it seems, so he filed a nice new Lawsuit against HP Phanbuey, i think you dont mean "Blatt", but rather "Bled" __________________ CPU-Z validation sig pics temporarily blocked

System Name:	Heatbitch / The Dark Tower / Custom Acer
Processor:	AMD Phenom 2 X4 960T @ 4200mhz 1,44v,3130NB /Q9550 3.4ghz 1.20v/ X2 260 1.42v @3.6
Motherboard:	Asus M4A89GTD PRO / Asus Rampage Formula/Foxconn A7DA-S 3.0
Cooling:	Heatkiller 3.0 LT,Laing DDC+,Octakaideca-Rad /EK SP,Tt 400L, B.Ice XT2/Xiggy Black Knight
Memory:	4x2gb Transcend 2400 CL10 1.65v: 1600 7-8-7-24-40 1.65 /Dominator 1066 2GB/Ripjaws 2000 CL9 4GB
Video Card:	6970, soon to be WCed/ 4870x2 HK Full Cover WC´d / 2xGeforce 8800GT HyperSLI
Hard Disk:	128gb Vertex 3, 32GB Ultradrive GX2, 320GB+500GB+2x1TB F1 /160gb Maxtor,500gb F1/ 160GB WD
Optical Drive:	No Room for these
CRT/LCD Model:	LG Flatron 23" W2353V /Benq 19" FP93E-S/TFT 17"
Case:	Thermaltake Shark /Superflower SF-860B/Acer m-ATX Tower
Sound Card:	Realtek Onboard Sound, on all of them
PSU:	Corsair TX850/ OCZ Modxstream-Pro 600W/ MS-Tech 750w
Software:	XP 32bit Professional+ Win7 64Bit Ultimate
Benchmarks:	3DMark Vantage: P21385 3DM11: P5920

System Name:	H1200
Processor:	Intel i5 2500k @ 4.3GHz w/ Corsair H60
Motherboard:	Asus P8P67 (Rev 3.1)
Cooling:	1x200mm LED fan, 5x120mm LED fans
Memory:	G.skill DDR3 1600MHz 2x2GB @ 2133MHz
Video Card:	BFG nVIDIA GTX 285
Hard Disk:	Mushkin 120GB Chronos SSD, Seagate 750GB SATAII & WD 250GBx2 SATAII
Optical Drive:	LiteOn DVD-ROM, LG DVD-RW± DL SATA
CRT/LCD Model:	LG 24 inch Flatron
Case:	Antec Twelve Hundred Full Tower
Sound Card:	Creative X-Fi XtremeGamer / Plantronics Gamecom Headphones
PSU:	Corsair HX750w Professional Series
Software:	Windows 7 x64 Professional

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Canon IP4000R printer - How to remove printer admin PW?	3400	General Hardware	4	Jun 8, 2011 01:06 AM
[FS] WR Breaker Golden Q9650 - rare opportunity	Jor3llBR	Buy/Sell/Trade/Giveaway Forum	10	Apr 18, 2010 02:12 AM
GE and Intel Invest $250 million in New Market Opportunity	malware	News	3	Apr 21, 2009 06:46 PM
New Vulnerability Hits Excel	malware	News	3	Jan 19, 2008 03:51 PM