Sunday, December 11th 2011

HP's Hackable Printers: The Lawsuit

Three days ago, we brought you news of how researchers have made proof-of-concept attacks on HP printers by reprogramming their firmware. Among other things, these attacks could deliberately cause the fuser in a printer to overheat and singe the paper, until it was shut down by a built-in thermal switch that cannot be overridden, preventing a fire. Now, in light of this, David Goldblatt of New York has filed a lawsuit seeking damages for fraudulent and deceptive business practices, and is looking for class action status: "As a result of HP's failure to require the use of digital signatures to authenticate software upgrades, hackers are able to reprogram the HP Printers' software with malicious software without detection," the suit says. "Once the HP printers' software is maliciously reprogrammed, the HP printers can be remotely controlled by computer hackers over the Internet, who can then steal personal information, attack otherwise secure networks, and even cause physical damage to the HP printers, themselves." Note that HP has used digital signatures since 2009 to authenticate the firmware updates, helping to mitigate this potential problem in recent models.

Despite this, HP still intends to patch the firmware to eliminate threats from this hack, which exploits bugs in the firmware. As these attacks have only actually been demonstrated in the lab and no actual losses have been incurred by Goldblatt, it makes one wonder if he is just using the prevailing American "victim culture" to try and make a quick buck off HP. HP are the top printer brand, mainly because their products are excellent, performing well and lasting a long time. Other companies' printers and embedded devices have the same problems too, so it seems unlikely that he would really not have bought HP printers.
Source: CNET

20 Comments on HP's Hackable Printers: The Lawsuit

#1
Kreij
Senior Monkey Moderator
While HP drivers could use a little extra security, I hardly see it as "fraudulent and deceptive business practices."

If that's the case, just about every hardware manufacturer is guilty of the same thing.
I don't really see him winning this case and he is probably just banking on the fact it will be cheaper for HP to just settle the claim, and payout something, than fight it out in court.
Posted on Reply
#2
a111087
the only "fraudulent" thing in here is the lawsuit itself...
Posted on Reply
#3
qubit
Overclocked quantum bit
Kreij: While HP drivers could use a little extra security, I hardly see it as "fraudulent and deceptive business practices."

If that's the case, just about every hardware manufacturer is guilty of the same thing.
I don't really see him winning this case and he is probably just banking on the fact it will be cheaper for HP to just settle the claim, and payout something, than fight it out in court.
Indeed. It's one thing to sue where you've actually suffered damages due to someone's negligence. However, it's quite another in a case like this. I hope HP nail him to the wall for a "fraudulent and deceptive" lawsuit!
Posted on Reply
#4
jsfitz54
How does an HP Printer Owner know that the Software/Firmware is Intact and Unaltered?

HP should patch and provide a utility to verify its integrity.
Posted on Reply
#5
qubit
Overclocked quantum bit
jsfitz54: How does an HP Printer Owner know that the Software/Firmware is Intact and Unaltered?

HP should patch and provide a utility to verify its integrity.
Checksums are used to detect file corruption and have been used since the dawn of computers. Digital signatures, on the other hand, go a step further. While they check the integrity of a file, they also authenticate that it came from who it claims to have come from. This technique uses cryptography to implement this function and is similar in concept to SSL for websites.
Posted on Reply
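The checksum-versus-signature distinction from comment #5, as an added example that is not part of the original thread: an altered image whose checksum has been recomputed still passes the checksum check, but fails signature verification. The firmware strings are constructed samples, and the unpadded RSA key built from two Mersenne primes is a toy assumption chosen so the code runs with the standard library only; it is not how HP or any vendor signs firmware.

```python
import hashlib

# Toy RSA key built from two Mersenne primes, unpadded: illustration only.
# A real updater uses a vetted crypto library and a standard signature scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the vendor


def checksum(image: bytes) -> str:
    """Integrity value anyone can compute (no secret involved)."""
    return hashlib.sha256(image).hexdigest()


def _digest_int(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def vendor_sign(image: bytes) -> int:
    """Vendor side: sign the image digest with the private exponent."""
    return pow(_digest_int(image), D, N)


def evaluate_update(image: bytes, shipped_checksum: str, signature: int) -> dict:
    """Device side: run both checks using only public values (N, E)."""
    return {
        "checksum": checksum(image) == shipped_checksum,
        "signature": pow(signature, E, N) == _digest_int(image),
    }


# Constructed sample images (not real firmware).
GENUINE = b"printer-fw 1.0 | build=release"
GENUINE_SUM = checksum(GENUINE)
GENUINE_SIG = vendor_sign(GENUINE)

# An altered image: whoever changed it can recompute the checksum,
# but cannot produce a new signature without the vendor's private key.
ALTERED = b"printer-fw 1.0 | build=altered"
ALTERED_SUM = checksum(ALTERED)

if __name__ == "__main__":
    print("genuine:", evaluate_update(GENUINE, GENUINE_SUM, GENUINE_SIG))
    print("altered:", evaluate_update(ALTERED, ALTERED_SUM, GENUINE_SIG))
    print("corrupt:", evaluate_update(GENUINE[:-1] + b"?", GENUINE_SUM, GENUINE_SIG))
```

A device that accepts an update on the checksum alone would install the altered image; one that requires a valid signature rejects it.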
#6
masterbw2000
This lawsuit has no merit, it's a Gold-seeking lawsuit for sure.
Whether you intentionally or unintentionally get the exploited firmware upgrade due to user error, it's your fault and don't blame the manufacturer.
Posted on Reply
#7
robal
Lawsuit troll...
Posted on Reply
#8
dank1983man420
robal: Lawsuit troll...
This guy probably worked for Rambus at some point in his life.



I hope he loses big in court and HP does a firmware update so this issue can be done with.
Posted on Reply
#9
qubit
Overclocked quantum bit
This David Goldblatt sounds like a lawyer, just the type to pull a stunt like this. I tried googling him, but turned up nothing, just some hit that didn't look like it would be him.

Can anyone do better?
Posted on Reply
#10
bill_d
Too bad this won't make HP put out full Windows 7 drivers for their printers
Posted on Reply
#11
Shihab
qubit: As these attacks have only actually been demonstrated in the lab and no actual losses have been incurred by Goldblatt, it makes one wonder if he is just using the prevailing American "victim culture" to try and make a quick buck off HP.
^Summing up the entire article.
Posted on Reply
#13
erocker
*
As an American that owns a couple HP printers I definitely feel like a victim. Every night when I leave work, I'm now afraid and traumatized that my printers may catch fire burning my business to the ground. It's hard to sleep at night and HP is at fault. God ble$$ lawyer$, we would be lo$t without them.
Posted on Reply
#14
Kreij
Senior Monkey Moderator
If the business starts to take a nose dive and becomes unprofitable, you can burn it down, collect the insurance money and blame HP.
Just make sure you start the fire at the printer, and be careful what accelerants you use as they will show up in the forensics of an arson investigation.

There is a silver lining in everything. ;)

Disclaimer : I do not encourage nor condone arson as a method of perpetrating insurance fraud.
Posted on Reply
#15
JATownes
The Lurker
Kreij: Disclaimer : I do not encourage nor condone arson as a method of perpetrating insurance fraud.
Since you don't outright discourage insurance fraud, what method do you encourage or condone? :laugh:
Posted on Reply
#16
wiak
I love my new HP 1102W Wireless LaserJet printer, fast and easy driver installation, I upgraded from an ancient HP LaserJet 1010
Posted on Reply
#17
Kreij
Senior Monkey Moderator
I have quite a few HP printers on my work network and never had any problem other than HP driver incompatibility with some applications.

Although I will say that their default installation package is horribly bloated if you just want to print.
Posted on Reply
#18
95Viper
Just my opinion; but, this is just another case of class action get rich scheme for lawyers.
Class action lawsuits, as the law allows for today, do nothing for the victims; however, it is lucrative for the lawyers involved.
They need to change the system to where there is a cap on the amount of profit that can be made by the lawyers and involved staff and/or associates. Do this and watch the courtrooms go almost vacant.
No thank you, do use the guise of suing for me to make some chump(s) rich.

Call me silly, but shouldn't you be protecting your network (business and/or home) yourself?
Do you really allow your devices to be updated remotely, from an outside un-secure source?
Maybe, your internet fridge or toaster. But, I would even put them behind a firewall and allow no access.

Just my opinion, as I said... and, a wee little rant.;)

Link to a good article and the court filings. (Notice it was E-filed.)
(Probably printed out on a hacked HP laser printer.:rolleyes:)

Related Video Sorta:rolleyes:
Posted on Reply
#19
pantherx12
I hope this dude gets thrown out on his arse.

Pretty much anything with software on it can be hacked given time.
Posted on Reply
#20
faramir
Kreij: I don't really see him winning this case and he is probably just banking on the fact it will be cheaper for HP to just settle the claim, and payout something, than fight it out in court.
I hope HP takes that greedy bastard to court and bleeds him dry in lawyer and court fees. He has no case and is obviously just fishing for money.
Posted on Reply