14 DAY TRIAL // After Columbia University researchers Ang Cui and Salvatore Stolfo found a vulnerability in HP LaserJet printers that could allow a hacker to remotely control it to launch cyberattacks, steal information and in some scenarios even set it on fire, HP released a firmware update to mitigate the issue.
“HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP,” reads the company’s statement.
“HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”
While this may all be good, what the researchers demonstrated back in November has raised a lot of controversy. Some even sued the company for not warning their customers on the presence of the vulnerabilities, especially since earlier reports showed that high-level security risks did exist in printers.
At the time when the weaknesses were discovered many argued about the circumstances in which an attack could be successfully launched, nevertheless, HP faced a lot of criticism, even from consecrated security experts such as Mikko Hypponen.
“First of all, how the hell doesn't HP have a signature or certificate indicating that new firmware is real firmware from HP?” said Hypponen.
In the meantime, customers who rely on the LaserJet printer models that were appointed as being susceptible to an attack are advised to upgrade the device’s firmware to prevent any unfortunate incidents.
Even though HP didn’t report any attacks that used the vulnerabilities, you never know what cybercriminals may have been cooking during this period. Also, it’s recommended to follow the instructions given by the company in their Secure Printing and Imaging section to make sure you are protected in case another zero-day bug is found.