A team of Columbia researchers say they've discovered an exploit involving the embedded systems found in printers in which hackers can gain control of the device and rewrite the firmware without anyone knowing, and then use that to steal information or potentially cause printers to catch fire.
MSNBC says that the research team first discovered the vulnerability using an HP LaserJet printer, but believe this problem extends to virtually any printer connected to the internet or linked to an internet-connected computer. Researchers claim the printer can be easily taken over and controlled by hackers if the user prints a document with a virus hidden within.
"Printer security flaws have long been theorized, but the Columbia researchers say they've discovered the first-ever doorway into millions of printers worldwide. In one demonstration of an attack based on the flaw, Stolfo and fellow researcher Ang Cui showed how a hijacked computer could be given instructions that would continuously heat up the printer's fuser – which is designed to dry the ink once it's applied to paper – eventually causing the paper to turn brown and smoke.
In that demonstration, a thermal switch shut the printer down – basically, causing it to self-destruct – before a fire started, but the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc."
The researchers believe that it's nearly impossible to rid an infected printer of malware once infected (short of taking out the embedded components entirely), and are making tech doomsday predictions that the entire world will have to throw their old printers out (which will almost certainly never happen). HP, for their part, says that these vulnerabilities are popping up on older printer models, and that newer devices have firmware with more stringent security measures built-in. Maybe this is why they want webOS on their printers so bad. [MSNBC]