Hackers Could Turn Your Printer Into a Flaming Death Bomb

Printers can be remotely controlled by computer criminals over the Internet, with the potential to steal personal information, attack otherwise secure networks and even cause physical damage, the researchers argue in a vulnerability warning first reported by msnbc.com. They say there's no easy fix for the flaw they’ve identified in some Hewlett-Packard LaserJet printer lines – and perhaps on other firms’ printers, too – and there's no way to tell if hackers have already exploited it.

From MSNBC:

In one demonstration of an attack based on the flaw, Stolfo and fellow researcher Ang Cui showed how a hijacked computer could be given instructions that would continuously heat up the printer's fuser – which is designed to dry the ink once it's applied to paper – eventually causing the paper to turn brown and smoke.

In that demonstration, a thermal switch shut the printer down – basically, causing it to self-destruct – before a fire started, but the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc.

source


Columbia researcher Ang Cui explains how he was able to infect an HP printer with malicious code.

Rewriting the printer's firmware takes only about 30 seconds, and a virus would be virtually impossible to detect once installed. Only pulling the computer chips out of the printer and testing them would reveal an attack, Cui said. No modern antivirus software has the ability to scan, let alone fix, the software which runs on embedded chips in a printer.

“First of all, how the hell doesn't HP have a signature or certificate indicating that new firmware is real firmware from HP?” said Mikko Hypponen, head of research at security firm F-Secure, when told of the flaw. “Printers have been a weak spot for many corporate networks. Many people don’t realize that a printer is just another computer on a network with exactly the same problems and, if compromised, the same impact.”

Source

This isnt the first time that its been possible to start fires though malicious means, many years back there was a virus that could overload certain parts of your computer and potentially cause a fire but this is the first time ive heard of it being done across the net. The scary thing is no one knows how to safe guard against it at this point in time.

Maybe a firewall ..?

And if it wasn't for this article, the computer hackers would never have know about this vulnerability. Way to go!

Good post, thanks for the information..

You know, ten years ago, I really gave viruses little to no attention...My thought, the odds of a hacker finding me, bah....Lately, seems like every time I turn around, my virus software is finding threats. Reason I bring this up, I know people will say, 'oh right, like this is likely to happen.' Well, there are fire bugs out there, and a hacker who happens to like fires gets a hold of this...Or a foreign group that wants to strike a little fear in a country.....Is there a house in america that doesn't have a printer of some sort...Talk about everyone stepping lightly around their printers after a few of these happen....Check your door is locked and your printer is off before going to bed will become a new practice.

Originally posted by avatar01
And if it wasn't for this article, the computer hackers would never have know about this vulnerability. Way to go!

Uhm, why are you placing blame at him? He didn't create the flaw or produce the report outlining the issue, he just brought it to OUR attention, or were you just being facetious?

If your printer begins to go haywire dont stand there yelling its gonna explode!.. unplug it, problem solved.


Posted Via ATS Mobile: m.abovetopsecret.com

When you leave your house turn it off

Originally posted by PhoenixOD
source

No, actually this isnt the "source".
They've just cut and pasted a short section of the actual article.

Originally posted by PhoenixOD
The scary thing is no one knows how to safe guard against it at this point in time.

On all the printers I've ever worked on, and that includes HP printers, there was a hardware thermal fuse device that stops the fuser from overheating.

In that demonstration, a thermal switch shut the printer down

Oh look, just like that one.

Nice picture to go with the article, but it isn important to note that none of the researchers have ever caused such a fire. Just citing it as a vague hypothetical.

The onboard malware thing... that however is a real issue.

This reminds me of an exploit about a decade ago where the person could remotely overclock your GPU causing it to overheat and pop.

The worst part of it is, there is several different precautions people/companies can take to prevent it, from more secure administrator passwords, hardware/software firewalls correctly configured, to choice of operating system (although in the case of LAN printers, that last ones not an option).

EDIT: The picture of a burning printer is that of a HP Deskjet, which is an inkjet, bit of a silly example.

Seems easy enough to fake, blame on the tech company and SUE!, SUE!, SUE!

pFF...pussy style - the big ones kill you by flood or poison
Hackers destroyed a pump used by a US water utility

Originally posted by avatar01
And if it wasn't for this article, the computer hackers would never have know about this vulnerability. Way to go!

I wouldn't go that far... If a hacker wants to find ways to turn common computer items or household gadgets into tools of mayhem and chaos, they likely have the ability to analyze the systems to find these vulnerabilities. My 101 intro college on Hardware went into great detail about the parts and functions of Laser Printer subsystems including a full class period spent just on this area of it. Not the overloading, but the elements inside that generate heat which could seriously injure a tech or layman popping the top to tinker with the innards.

The article may spur others who weren't aware of this to make a few bucks coming up with counter-measures...it won't cause people with the ability to actually do something like this to go through with it..they would have anyway.

People who actually think this is a possibility amuse me.

Ummmm... Just unplug your printer and plug it in when you need to print something.

I'm not scared. I remember the Ping of Death all those years ago. Now that was scary!
ETA Maybe they should change their name to Hewlett's Packing!

i guess printing managers might be real poeple now

Originally posted by pointr97

Originally posted by avatar01
And if it wasn't for this article, the computer hackers would never have know about this vulnerability. Way to go!

Uhm, why are you placing blame at him? He didn't create the flaw or produce the report outlining the issue, he just brought it to OUR attention, or were you just being facetious?

edit on 29-11-2011 by pointr97 because: (no reason given)

Lets say there is a figurative bullet proof bubble around you, and everyone has their own. But, there is one spot on the bubble in which can be penetrated... Then someone runs around and tells everybody about this weak spot. Not able to afford to purchase a new bubble, a majority of people just move on, aware but not able to do anything about it...
If this wasn't pointed out, I doubt it will ever happen. Now you have some guy trying to tell the world about a 'weak spot'. Now it's bound to happen... maybe(lol).
It's not a 'kill-the-messenger' type thing, I just think he could have been a little wiser in who he decided to tell about a flaw in the design of a product.
Go and tell the manufacturer or designer, not the already fear mongered public... The whole thing is a joke, but maybe... just maybe... it could actually have an impact. But that would be a whole list of hypatheticals.
Simply put, he brought his concerns to the wrong people...
"Hello Mr Local Printer Salesman, can you point me towards the direction of printers that can't be used as a WMD(weapon of minimal destruction)?"

I think security concerns like this need to be made public sometimes. Many times in the past people have told manufactures about security problems and they just do nothing about it until its to late. If there is enough public concern then they will be forced to address the problem.

Hackers Can Remotely Manipulate Insulin Pumps (and kill you)

Hackers Can Remotly Control Your Car - Disable The Brakes and more

more?^^

i think its not the time for jokes about potential hacks against your health!!!!!!

Far fetched and as the article states there was a fail safe in the device.

Either way the concept is interesting. I would probably increase voltage on non critical parts inside the pc or printer to start a fire.