1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

HP's Hackable Printers: The Lawsuit

Discussion in 'News' started by qubit, Dec 11, 2011.

  1. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,830 (3.91/day)
    Thanks Received:
    3,485
    Location:
    Quantum well (UK)
    Three days ago, we brought you news of how researchers have made proof-of-concept attacks on HP printers by reprogramming their firmware. Among other things, these attacks could deliberately cause the fuser in a printer to overheat and singe the paper, until shut down by a built-in unoverridable thermal switch, preventing a fire. Now, in light of this, a lawsuit has been filed by David Goldblatt of New York, seeking damages for fraudulent and deceptive business practices and is looking for class action status: "As a result of HP's failure to require the use of digital signatures to authenticate software upgrades, hackers are able to reprogram the HP Printers' software with malicious software without detection," the suit says. "Once the HP printers' software is maliciously reprogrammed, the HP printers can be remotely controlled by computer hackers over the Internet, who can then steal personal information, attack otherwise secure networks, and even cause physical damage to the HP printers, themselves." Note that HP has used digital signatures since 2009 to authenticate the firmware updates, helping to mitigate this potential problem in recent models.

    Despite this though, HP still intends to patch the firmware to eliminate threats from this hack, which exploits bugs in the firmware. As these attacks have only actually been demonstrated in the lab and no actual losses have been incurred by Goldblatt, it makes one wonder if he is just using the prevailing American "victim culture" to try and make a quick buck off HP. HP are the top printer brand, mainly because their products are excellent, performing well and lasting a long time, plus other companies' printers and embedded devices have the same problems, so it seems unlikely that he would really not have bought HP printers.

    [​IMG]

    Source: c|net
     
    Last edited: Dec 11, 2011
    DragonBorn says thanks.
  2. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.93/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    While HP drivers could use a little extra security, I hardly see it as "fraudulent and deceptive business practices."

    If that's the case, just about every hardware manufacturer is guilty of the same thing.
    I don't really see him winning this case and he is probably just banking on the fact it will be cheaper for HP to just settle the claim, and payout something, than fight it out in court.
     
    newtekie1 and 95Viper say thanks.
  3. a111087

    a111087

    Joined:
    Apr 2, 2007
    Messages:
    2,760 (1.00/day)
    Thanks Received:
    200
    Location:
    US
    the only "fraudulent" thing in here is the lawsuit itself...
     
    Completely Bonkers says thanks.
  4. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,830 (3.91/day)
    Thanks Received:
    3,485
    Location:
    Quantum well (UK)
    Indeed. It's one thing to sue where you've actually suffered damages due to someone's negligence. However, it's quite another in a case like this. I hope HP nail him to the wall for a "fraudulent and deceptive" lawsuit!
     
  5. jsfitz54

    jsfitz54

    Joined:
    Jun 18, 2010
    Messages:
    903 (0.57/day)
    Thanks Received:
    242
    How does an HP Printer Owner know that the Software/Firmware is Intact and Unaltered?

    HP should patch and provide a utility to verify its integrity.
     
  6. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,830 (3.91/day)
    Thanks Received:
    3,485
    Location:
    Quantum well (UK)
    Checksums are used to detect file corruption and has been used since the dawn of computers. Digital signatures on the other hand, go a step further. While they check the integrity of a file, they also authenticate that it came from who it claims to have come from. This technique uses cryptography to implement this function and is similar in concept to SSL for websites.
     
  7. masterbw2000 New Member

    Joined:
    Sep 9, 2008
    Messages:
    20 (0.01/day)
    Thanks Received:
    1
    Location:
    Taipei, Taiwan
    This lawsuit has no merit, it's Gold-seeking lawsuit for sure.
    Whether you intentionally or unintentionally getting the exploited firmware upgrade due to user error, it's your fault and don't blame the manufacturer.
     
  8. robal

    robal

    Joined:
    Aug 5, 2008
    Messages:
    485 (0.21/day)
    Thanks Received:
    111
    Location:
    Hampshire, UK
    Lawsuit troll...
     
  9. dank1983man420

    dank1983man420

    Joined:
    Apr 22, 2008
    Messages:
    496 (0.21/day)
    Thanks Received:
    171
    Location:
    Near Chicago, IL
    This guy probably worked for Rambus at some point in his life.



    I hope he loses big in court and HP does a firmware update so this issue can be done with.
     
    Crunching for Team TPU More than 25k PPD
  10. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,830 (3.91/day)
    Thanks Received:
    3,485
    Location:
    Quantum well (UK)
    This David Goldblatt sounds like a lawyer, just the type to pull a stunt like this. I tried googling him, but turned up nothing, just some hit that didn't look like it would be him.

    Can anyone do better?
     
  11. bill_d New Member

    Joined:
    Mar 9, 2008
    Messages:
    35 (0.01/day)
    Thanks Received:
    0
    to bad this won't make HP put out full windows 7 drivers for their printers
     
    Last edited: Dec 11, 2011
  12. Shihabyooo

    Shihabyooo

    Joined:
    Jan 10, 2011
    Messages:
    566 (0.41/day)
    Thanks Received:
    110
    Location:
    A sad excuse of a country called Sudan.
    ^Summing up the entire article.
     
  13. tigger

    tigger I'm the only one

    Joined:
    Mar 20, 2006
    Messages:
    10,183 (3.24/day)
    Thanks Received:
    1,399
    Its america, just another excuse to sue somebody.
     
  14. erocker

    erocker Super Moderator Staff Member

    Joined:
    Jul 19, 2006
    Messages:
    39,807 (13.19/day)
    Thanks Received:
    14,190
    As an American that owns a couple HP printers I definitely feel like a victim. Every night when I leave work, I'm now afraid and traumatized that my printers may catch fire burning my business to the ground. It's hard to sleep at night and HP is at fault. God ble$$ lawyer$, we would be lo$t without them.
     
    qubit says thanks.
  15. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.93/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    If the business starts to take a nose dive and becomes unprofitable, you can burn it down, collect the insurance money and blame HP.
    Just make sure you start the fire at the printer, and be careful what accelerants you use as they will show up in the forensics of an arson investigation.

    There is a silver lining in everything. ;)

    Disclaimer : I do not encourage nor condone arson as a method of perpetrating insurance fraud.
     
    Last edited: Dec 11, 2011
  16. JATownes

    JATownes

    Joined:
    Nov 9, 2008
    Messages:
    1,832 (0.84/day)
    Thanks Received:
    442
    Location:
    Texas
    Since you don't outright discourage insurance fraud, what method do you encourage or condone? :laugh:
     
  17. wiak

    wiak

    Joined:
    Sep 5, 2004
    Messages:
    1,747 (0.47/day)
    Thanks Received:
    200
    Location:
    Norway
    i love my new HP 1102W Wireless LaserJet printer, fast and easy driver installation, i upgraded from a ancient HP LaserJet 1010
     
  18. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.93/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    I have quite a few HP printers on my work network and never had any problem other than HP driver incompatibility with some applications.

    Although I will say that their default installation package is horribly bloated if you just want to print.
     
  19. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,417 (2.00/day)
    Thanks Received:
    1,616
    Location:
    στο άλφα έως ωμέγα
    Just my opinion; but, this is just another case of class action get rich scheme for lawyers.
    Class action lawsuits, as the law allows for today, does nothing for the victims; however, it is lucritive for the lawyers involved.
    They need to change the system to where there is a cap on the amount of profit that can be made by the lawyers and involved staff and/or associates. Do this and watch the courtrooms go almost vacant.
    No thank you , do use the guise of suing for me to make some chump(s) rich.

    Call me silly, but, shouldn't you be protecting your, network (business and/or home) yourself.
    Do you really allow your devices to be updated remotely, from an outside un-secure source.
    Maybe, your internet fridge or toaster. But, I would even put them behind a firewall and allow no access.

    Just my opionion, as I said... and, a wee little rant.;)

    Link to a good article and the court filings. (Notice it was E-filed.)
    (Probably printed out on a hacked HP laser printer.:rolleyes:)

    Related Video Sorta:rolleyes:
     
  20. pantherx12

    pantherx12 New Member

    Joined:
    Jan 2, 2009
    Messages:
    9,714 (4.58/day)
    Thanks Received:
    1,699
    Location:
    ENGLAND-LAND-LAND
    I hope this dude gets thrown out on his arse.

    Pretty much anything with software on it can be hacked given time .
     
  21. faramir New Member

    Joined:
    May 20, 2011
    Messages:
    203 (0.16/day)
    Thanks Received:
    27
    I hope HP takes that greedy bastard to court and bleeds him dry in lawyer and court fees. He has no case and is obviously just fishing for money.
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page