14 DAY TRIAL // After the controversial study about HP LaserJet printers that can be set on fire was released to the public, HP quickly came forward to defend its reputation. The first move they made was to publish the list of devices that could be impacted by the installation of an unauthorized printer firmware.
“A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware,” reads the security bulletin issued by HP.
HP LaserJet Enterprise 500 color M551, HP LaserJet Enterprise 600 M602, HP LaserJet M3035, HP Color LaserJet CP4005, HP LaserJet P4515 and HP LaserJet Enterprise M4555 MFP are just a few of the models out of the 40 or so listed by the company.
Basically, customers who purchased HP LaserJet models that were manufactured before 2009, may be susceptible to the attack.
Meanwhile, until they come up with a more permanent solution to the issue, an advisory was published so customers can learn how to secure their devices against a potential unauthorized access.
Since the Remote Firmware Update (RFU) is enabled by default, an update can be sent remotely to port 9100 without authentication, which could allow for someone to alter the machine’s firmware. Users are advised to disable the Printer Firmware Update and consult the paper called HP Imaging and Printing Security Best Practices.
“HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action,” reads the advisory.
Individuals and companies who rely on the LaserJet printers released before 2009 are recommended to check out the complete list and, if their device is on it, they should immediately follow the measures suggested by HP.