• We've upgraded our forums. Please post any issues/requests in this thread.

Hackers Can Make HP Printers Catch Fire!! Well, Singe Paper...

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
14,554 (3.97/day)
Likes
8,060
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#1
Researchers at Columbia University have investigated the security of HP network printers and have found them wanting. The basic problem is the complexity of the devices and the fact that the authenticity of firmware updates for these devices isn't checked by using a digital signature. MSNBC published an exclusive story, explaining how by using a hacked computer, the researchers could make their test printers do various nasties, such as continuously heat the fuser unit until the paper singed, at which point the printer shut off due to the built-in safety device, a thermal switch which cannot be overridden by software. They could also be programmed to spread viruses, which would be very dangerous, as these attacking printers would be within the firewall perimeter, allowing them unrestricted access to the soft underbelly of the network. And as the MSNBC article put it so well: "Few companies are prepared to protect themselves from an attack by their own printer." Quite, seems ridiculous at first sight, doesn't it? The researches focused on HP printers, which are by far the most popular brand out there, but say that there are similar vulnerabilities within all devices which employ embedded networked computers, leaving them wide open to attack, hence the industry should wake up to this threat and fix their systems before hackers start to exploit these for real. HP for their part, played down the overall threat and disagreed on several points made by the researchers. Also, the attacks were carried out using Linux and Mac computers and the suggestion seems to be that it's somehow harder to do with a Windows computer. There's a lot more detail at the MSNBC article and readers are encouraged to check it out.

Show full news post
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
14,554 (3.97/day)
Likes
8,060
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#2
Thanks to 95Viper for the tip. :toast:
 

erocker

Senior Moderator
Staff member
Joined
Jul 19, 2006
Messages
42,381 (10.17/day)
Likes
18,023
Processor Intel i7 8700k
Motherboard Gigabyte z370 AORUS Gaming 7
Cooling Water
Memory 16gb G.Skill 4000 MHz DDR4
Video Card(s) Evga GTX 1080
Storage 3 x Samsung Evo 850 500GB, 1 x 250GB, 2 x 2TB HDD
Display(s) Nixeus EDG27
Case Thermaltake X5
Power Supply Corsair HX1000i
Mouse Zowie EC1-B
Software Windows 10
#4
Nah, flashing a firmware doesn't take much of an O/S. Most of the time you don't need an O/S to flash firmware.
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
14,554 (3.97/day)
Likes
8,060
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#5
Anyone else see the irony in that? :laugh:
I certainly did - that's why I made absolutely sure to put it in. :D Glad you liked it.

Nah, flashing a firmware doesn't take much of an O/S. Most of the time you don't need an O/S to flash firmware.
True. The article simply said that the researchers disagreed on which was the more vulnerable platform, Linux/Mac or Windows, without elaborating. I think it's an important point and should have been elaborated.
 
Last edited:
Joined
Dec 18, 2008
Messages
1,833 (0.56/day)
Likes
523
System Name Computer
Processor 1700X
Motherboard CH6
Cooling Custom Loop
Memory G.Skill 32GB
Video Card(s) GTX 1070
Storage 500GB Samsung 850 Evo Msata
Display(s) LG 23" IPS
Power Supply Seasonic 760 Platinum
Software Windows 8.1 64-Bit
#7
Who is the Whistleblower

Kudos to anyone who gets my reference
 
Joined
Feb 6, 2007
Messages
2,576 (0.65/day)
Likes
510
Processor Mysterious Engineering Prototype
Motherboard Intel 865
Cooling Custom block made in workshop
Memory Corsair XMS 2GB
Video Card(s) FireGL X3-256
Display(s) 1600x1200 SyncMaster x 2 = 3200x1200
Software Windows 2003
#8
No, we DONT want certificate signed firmwares! Just imagine... NO MODDING the firmware on your GPUs or your PC BIOS!

If a "hacker" can get into a corporate LAN so easily, then I'm more worried about data security issues than a few printers overheating. And rather than fiddle with overheating, why not just do a remote print run and print off a 1000 pages of pr0n or wikileaks? Far more problematic than a printer under blanket corporate IT insurance.

If the "hacker" is an internal, ie employee, then what else are they up to? If they want to cause damage, they can drop their laptop or put paperclips in the fuser.

NONSTORY
 

erocker

Senior Moderator
Staff member
Joined
Jul 19, 2006
Messages
42,381 (10.17/day)
Likes
18,023
Processor Intel i7 8700k
Motherboard Gigabyte z370 AORUS Gaming 7
Cooling Water
Memory 16gb G.Skill 4000 MHz DDR4
Video Card(s) Evga GTX 1080
Storage 3 x Samsung Evo 850 500GB, 1 x 250GB, 2 x 2TB HDD
Display(s) Nixeus EDG27
Case Thermaltake X5
Power Supply Corsair HX1000i
Mouse Zowie EC1-B
Software Windows 10
#9

Kreij

Senior Monkey Moderator
Staff member
Joined
Feb 6, 2007
Messages
13,817 (3.48/day)
Likes
5,524
Location
Cheeseland (Wisconsin, USA)
Processor Intel Core 2 Quad QX9650 Extreme @ 3.0 GHz
Motherboard Asus Rampage Formula
Cooling ZeroTherm Nirvana NV120 Premium
Memory 8GB (4 x 2GB) Corsair Dominator PC2-8500
Video Card(s) 2 x Sapphire Radeon HD6970
Storage 2 x Seagate Barracuda 320GB in RAID 0
Display(s) Dell 3007WFP 30" LCD (2560 x 1600)
Case Thermaltake Armor w/ 250mm Side Fan
Audio Device(s) SupremeFX 8ch Audio
Power Supply Thermaltake Toughpower 750W Modular
Software Win8 Pro x64 / Cat 12.10
#10
Why don't the "researchers" at Columbia University do something useful, like figure out how to save us money by creating quality printout while using less toner, instead of overheating fusers with firmware hacks?
 
Joined
Feb 6, 2007
Messages
2,576 (0.65/day)
Likes
510
Processor Mysterious Engineering Prototype
Motherboard Intel 865
Cooling Custom block made in workshop
Memory Corsair XMS 2GB
Video Card(s) FireGL X3-256
Display(s) 1600x1200 SyncMaster x 2 = 3200x1200
Software Windows 2003
#11
Let me rephrase what I said earlier if my point wasnt clear. Certificate signed firmware is great so that you can check the legitimacy of the firmware file before committing it to the hardware. But at the same time, being able to install uncertified firmware with a warning sign that we can still accept is what allows us to make bios and firmware tweaks. But RESTICTING a device to ONLY accept certificate firmware will stop BIOS tweaking/modding opportunities. No more BIOS editors, no flashing edited BIOS etc.
 
Joined
Oct 12, 2008
Messages
5,654 (1.69/day)
Likes
2,605
Location
στο άλφα έως ωμέγα
System Name Ha/AhHa/Dell
Processor QX9650 SLAWN C1/i7-980x/i7-6700K
Motherboard GA-X48_DS4 (F3B bios)/Gigabyte x58A-UDR3 v 2.0(modded FH bios)/Dell Foxconn 0XJ8C4 Z170
Cooling CNPS9900 LED/H60/ 3 pipe-center fan-air
Memory 8 Gig of G.Skill F2-8800CL5D/24 Gb Corsair Vengence/ 24Gb Samsung DDR4 2133
Video Card(s) Galaxy NVIDIA GeForce GTX 960/PowerColor R9 280/ASUS R9 380X Strix G1
Storage All have SSDs with HDDs for extra storage and backup/Dell-M.2 Samsung 850 EVO PCIe
Display(s) Asus 266H/Viewsonic 1080p/HP ZR24W
Case CM-690/CM-690 II adv/Dell 8900 series
Audio Device(s) All use on board (Realtek) w/2.1 speakers
Power Supply PC P&C 750/PC P&C Silencer 950/CM 700 Extreme
Mouse Logitech
Keyboard Logitech
Software Windows 10 Pro - 64 bit/Windows 10 Pro - 64bit/Windows 10 Pro - 64bit
#12
Nah, flashing a firmware doesn't take much of an O/S.

:laugh::toast:

Other devices, too, are possible. :eek:

Why don't the "researchers" at Columbia University do something useful, like figure out how to save us money by creating quality printout while using less toner, instead of overheating fusers with firmware hacks?
More Press and probably got fed funding for the study they did.:)
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
14,554 (3.97/day)
Likes
8,060
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#13
Why don't the "researchers" at Columbia University do something useful, like figure out how to save us money by creating quality printout while using less toner, instead of overheating fusers with firmware hacks?
Quite. Reading between the lines of that MSNBC article, I get the impression that the researchers are trying to make a name for themselves. While what they're reporting is all true, 99% of these printers are sitting inside the corporate network which will have its own defences, so it's a matter of "weighting" for this problem. It looks like they have to infect a PC first within that network, before they can nail the printer, so it takes a double effort to do this, which reduces the chances consderably of such an attack.

Of course, you do get printers and other systems that are directly connected to the internet and these are much more at risk.

One big hint that the problem isn't so bad? These vulnerable devices have been around for the last 15 years or so, so you'd think that the criminal malware writers would have exploited them widely by now if it had been profitable for them to do so.

More Press and probably got fed funding for the study they did. :)
You cynic! :laugh:
 
Joined
Feb 6, 2007
Messages
2,576 (0.65/day)
Likes
510
Processor Mysterious Engineering Prototype
Motherboard Intel 865
Cooling Custom block made in workshop
Memory Corsair XMS 2GB
Video Card(s) FireGL X3-256
Display(s) 1600x1200 SyncMaster x 2 = 3200x1200
Software Windows 2003
#14
Wall of cynicism





Er, time for me to go to bed!
 
Last edited:
Joined
Nov 18, 2006
Messages
2,964 (0.73/day)
Likes
397
Location
your local vending machine
System Name HTPC||Lenovo IBM ThinkPad
Processor AMD Phenom II x4 965 stock 3.4GHz||Intel C2D T9300 @ 2.5GHz
Motherboard Zotac 890GX-ITX WiFi||Lenovo 8918CTO
Cooling Stock 3x 120's||Stock stuff
Memory 8GB (2x4GB) DDR3 6-6-6-15||3GB DDR2
Video Card(s) Asus 3870x2||nVidia Quadro NVS 140M
Storage 1TB Seagate Barracuda, 1x 2TB WD EARX ||Hitachi 160GB 7200RPM
Display(s) Samsung T260HD||
Case SilverStone Grandia GD05||
Audio Device(s) on-board||on-board
Power Supply Cooler Master 450W||6-cell
Software Windows 7 Pro x64||Windows 7 Pro x64/Linux Mint x64
#15
So that's why I've had to replace so many fusers at work :rolleyes:
 
Joined
Jul 3, 2008
Messages
166 (0.05/day)
Likes
84
Processor Intel Core i7 5820k
Motherboard MSI X99S-GAMING7
Cooling Corsair H105
Memory 16GB G.SKILL DDR4
Video Card(s) Geforce GTX970
Storage Samsung 840 Evo
Display(s) Samsung U28E590DS UHD
Case Corsair 800D
Audio Device(s) ASUS XONAR
Power Supply Corsair HX850i
Mouse Raze Naga
Keyboard Filco Majestouch
Software Windows 8.1 x64
#16
Printer hacking has been a pretty known security hole for many years. Simply securing your printer with a password will prevent many attacks, also changing SNMP . However if you want to have a play on your own printer there's an article dating back to 2005 that details many printer exploits and how to perform them. Many of them no longer work, but many are still current:

http://www.irongeek.com/i.php?page=security/networkprinterhacking

Last update was four years ago but there is still alot of useful information in there for Sys Admins.
 
Joined
Apr 16, 2010
Messages
1,884 (0.67/day)
Likes
547
System Name The Stone that the Builders Refused / Perception Forge version III
Processor i5 4570 /i7-6800k
Motherboard Msi Z87m / Asus x99M-WS
Cooling H80i / nh-d14
Memory 32 gigs patriot 1866 / 16gigs G skill ddr4
Video Card(s) MSI r9 270 / 970 windforce
Storage 120gig 840 evo, 120gig adata sp900 / 2 Samsung 840 raid zero 2tb seagate alot +
Display(s) 23'' asus lcd 29" Lg(r.i.p.) 42" nec monitor
Case Fractal desisn Node 804 / Fractal Design Node 804
Power Supply seasonic G 650 gold / Be Quiet Dark power pro 650 platinum
Mouse corsair vengence M65 / Func Ms3
Keyboard corsair k70 cherry blue /corsair k95 cherry red
Software Window 10 pro / windows 10 pro
Benchmark Scores meh... feel me on the battle field!
#17
Who thought of this? Man.... thin line between genius and madness...
 

Mussels

Moderprator
Staff member
Joined
Oct 6, 2004
Messages
46,118 (9.57/day)
Likes
13,546
Location
Australalalalalaia.
System Name Daddy Long Legs
Processor Ryzen R7 1700, 3.9GHz 1.375v
Motherboard MSI X370 Gaming PRO carbon
Cooling Fractal Celsius S24 (Silent fans, meh pump)
Memory 16GB 2133 generic @ 2800
Video Card(s) MSI GTX 1080 Gaming X (BIOS modded to Gaming Z - faster and solved black screen bugs!)
Storage 1TB Intel SSD Pro 6000p (60TB USB3 storage)
Display(s) Samsung 4K 40" HDTV (UA40KU6000WXXY) / 27" Qnix 2K 110Hz
Case Fractal Design R5. So much room, so quiet...
Audio Device(s) Pioneer VSX-519V + Yamaha YHT-270 / sennheiser HD595/518 + bob marley zion's
Power Supply Corsair HX 750i (Platinum, fan off til 300W)
Mouse Logitech G403 + KKmoon desk-sized mousepad
Keyboard Corsair K65 Rapidfire
Software Windows 10 pro x64 (all systems)
Benchmark Scores Laptops: i7-4510U + 840M 2GB (touchscreen) 275GB SSD + 16GB i7-2630QM + GT 540M + 8GB
#18
using a printer to spread viruses... ack, when dumb devices can be used to spread malware, we're in trouble - because they're also too dumb/low powered for anti virus.
 
Joined
Sep 1, 2010
Messages
5,901 (2.22/day)
Likes
6,569
#19
Wasn't it in the news 2 or 3 weeks ago? :confused:


The problem is they should make firmware digitally signed, and it'd be even better if firmware could be updated only locally
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,067 (3.44/day)
Likes
17,974
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#20
who has digitally signed firmware and enforces it ? (other than apple)
there is firmware that has a checksum to protect against transmission error, but i can't think of much that is protected against attacks from evil people(tm)
 
Joined
Sep 1, 2010
Messages
5,901 (2.22/day)
Likes
6,569
#21
who has digitally signed firmware and enforces it ?
What's wrong with that? As if it violates any freedom :rolleyes:

I'm no Apple fan but I also hate when any son of a bitch can write some malicious driver or firmware to screw things up and can easily spread that shit.
 
Joined
Mar 26, 2010
Messages
7,646 (2.71/day)
Likes
1,983
Location
Jakarta, Indonesia
System Name micropage7
Processor Intel G4400
Motherboard MSI B150M Bazooka D3
Cooling Stock ( Lapped )
Memory 16 Gb Team Xtreem DDR3
Video Card(s) Nvidia GTX460
Storage Seagate 1 TB, 5oo Gb and SSD A-Data 128 Gb
Display(s) LG 19 inch LCD Wide Screen
Case HP dx6120 MT
Audio Device(s) Stock
Power Supply Be Quiet 600 Watt
Software Windows 7 64-bit
Benchmark Scores Classified
#22
cool
if you hate your boss use that after you go home
 
Joined
Jan 2, 2008
Messages
3,248 (0.89/day)
Likes
396
System Name Thakk
Processor i7 6700k @ 4.5Ghz
Motherboard Gigabyte G1 Z170N ITX
Cooling Deepcool Maelstrom 120k / H55
Memory 16GB Corsair LPX DDR4 2400
Video Card(s) GTX1080ti Founders Ed. AIO Cooled
Storage Corsair Force GT 120GB SSD / Intel 250GB SSD / Samsung Pro 512 SSD / 3TB Seagate SV32
Display(s) Acer Predator X34 100hz IPS Gsync / HTC Vive
Case Cougar QBX mini itx
Audio Device(s) Realtek ALC1150 > Creative Gigaworks T40 > AKG Q701
Power Supply Thermaltake 600w 140mm
Mouse Logitech G900
Keyboard Ducky Shine TKL MX Blue + Vortex PBT Doubleshots
Software Windows 10 64bit
Benchmark Scores http://www.3dmark.com/fs/12108888
#23
doubt if boss uses printers though. They just walk around looking at people's monitors and send memos.
 
Joined
Feb 18, 2006
Messages
5,103 (1.18/day)
Likes
1,257
Location
AZ
System Name Thought I'd be done with this by now
Processor i7 4790K 4.4GHZ turbo currently at 4.6GHZ at 1.16v
Motherboard MSI Z97-G55 SLI
Cooling Scythe Mugen 2 rev B (SCMG-2100), stock on gpu's.
Memory 8GB G.SKILL Ripjaws Z Series DDR3 2400MHZ 10-12-12-31
Video Card(s) EVGA GTX 760 Superclocked replaced HIS R9 290 that was artifacting
Storage 1TB MX300 M.2 OS + Games, 4x ST31000524NS in Raid 10 Storage and Backup, external 2tb backup,
Display(s) BenQ GW2255 surprisingly good screen for the price.
Case Raidmax Scorpio 668
Audio Device(s) onboard HD
Power Supply EVGA 750 GQ
Software Windows 10
Benchmark Scores no one cares anymore lols
#24
lol at the firewall jab.

If they can get access to your networked printer they've either already gotten around the firewall or they're an internal employee.

in either of those sceanrios there's far worse things they would be doing.