• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Hackers Can Make HP Printers Catch Fire!! Well, Singe Paper...

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,865 (2.87/day)
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K @ 4GHz
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (2 x 8GB Corsair Vengeance Black DDR3 PC3-12800 C9 1600MHz)
Video Card(s) MSI RTX 2080 SUPER Gaming X Trio
Storage Samsung 850 Pro 256GB | WD Black 4TB | WD Blue 6TB
Display(s) ASUS ROG Strix XG27UQR (4K, 144Hz, G-SYNC compatible) | Asus MG28UQ (4K, 60Hz, FreeSync compatible)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair AX1600i
Mouse Microsoft Intellimouse Pro - Black Shadow
Keyboard Yes
Software Windows 10 Pro 64-bit
Researchers at Columbia University have investigated the security of HP network printers and have found them wanting. The basic problem is the complexity of the devices and the fact that the authenticity of firmware updates for these devices isn't checked by using a digital signature. MSNBC published an exclusive story, explaining how by using a hacked computer, the researchers could make their test printers do various nasties, such as continuously heat the fuser unit until the paper singed, at which point the printer shut off due to the built-in safety device, a thermal switch which cannot be overridden by software. They could also be programmed to spread viruses, which would be very dangerous, as these attacking printers would be within the firewall perimeter, allowing them unrestricted access to the soft underbelly of the network. And as the MSNBC article put it so well: "Few companies are prepared to protect themselves from an attack by their own printer." Quite, seems ridiculous at first sight, doesn't it? The researches focused on HP printers, which are by far the most popular brand out there, but say that there are similar vulnerabilities within all devices which employ embedded networked computers, leaving them wide open to attack, hence the industry should wake up to this threat and fix their systems before hackers start to exploit these for real. HP for their part, played down the overall threat and disagreed on several points made by the researchers. Also, the attacks were carried out using Linux and Mac computers and the suggestion seems to be that it's somehow harder to do with a Windows computer. There's a lot more detail at the MSNBC article and readers are encouraged to check it out.



View at TechPowerUp Main Site
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,865 (2.87/day)
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K @ 4GHz
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (2 x 8GB Corsair Vengeance Black DDR3 PC3-12800 C9 1600MHz)
Video Card(s) MSI RTX 2080 SUPER Gaming X Trio
Storage Samsung 850 Pro 256GB | WD Black 4TB | WD Blue 6TB
Display(s) ASUS ROG Strix XG27UQR (4K, 144Hz, G-SYNC compatible) | Asus MG28UQ (4K, 60Hz, FreeSync compatible)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair AX1600i
Mouse Microsoft Intellimouse Pro - Black Shadow
Keyboard Yes
Software Windows 10 Pro 64-bit
Thanks to 95Viper for the tip. :toast:
 
Joined
Jul 19, 2006
Messages
43,609 (6.48/day)
Processor AMD Ryzen 7 7800X3D
Motherboard ASUS TUF x670e-Plus Wifi
Cooling EK AIO 360. Phantek T30 fans.
Memory 32GB G.Skill 6000Mhz
Video Card(s) Asus RTX 4090
Storage WD/Samsung m.2's
Display(s) LG C2 Evo OLED 42"
Case Lian Li PC 011 Dynamic Evo
Audio Device(s) Topping E70 DAC, SMSL SP200 Amp, Adam Audio T5V's, Hifiman Sundara's.
Power Supply FSP Hydro Ti PRO 1000W
Mouse Razer Basilisk V3 Pro
Keyboard Epomaker 84 key
Software Windows 11 Pro
Nah, flashing a firmware doesn't take much of an O/S. Most of the time you don't need an O/S to flash firmware.
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,865 (2.87/day)
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K @ 4GHz
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (2 x 8GB Corsair Vengeance Black DDR3 PC3-12800 C9 1600MHz)
Video Card(s) MSI RTX 2080 SUPER Gaming X Trio
Storage Samsung 850 Pro 256GB | WD Black 4TB | WD Blue 6TB
Display(s) ASUS ROG Strix XG27UQR (4K, 144Hz, G-SYNC compatible) | Asus MG28UQ (4K, 60Hz, FreeSync compatible)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair AX1600i
Mouse Microsoft Intellimouse Pro - Black Shadow
Keyboard Yes
Software Windows 10 Pro 64-bit
Anyone else see the irony in that? :laugh:

I certainly did - that's why I made absolutely sure to put it in. :D Glad you liked it.

Nah, flashing a firmware doesn't take much of an O/S. Most of the time you don't need an O/S to flash firmware.

True. The article simply said that the researchers disagreed on which was the more vulnerable platform, Linux/Mac or Windows, without elaborating. I think it's an important point and should have been elaborated.
 
Last edited:
Joined
Apr 6, 2011
Messages
703 (0.14/day)
Location
Pensacola, FL, USA, Earth
Sorry boss, the printer shutdown and I couldn't print those reports, I swear!
 

Completely Bonkers

New Member
Joined
Feb 6, 2007
Messages
2,576 (0.39/day)
Processor Mysterious Engineering Prototype
Motherboard Intel 865
Cooling Custom block made in workshop
Memory Corsair XMS 2GB
Video Card(s) FireGL X3-256
Display(s) 1600x1200 SyncMaster x 2 = 3200x1200
Software Windows 2003
No, we DONT want certificate signed firmwares! Just imagine... NO MODDING the firmware on your GPUs or your PC BIOS!

If a "hacker" can get into a corporate LAN so easily, then I'm more worried about data security issues than a few printers overheating. And rather than fiddle with overheating, why not just do a remote print run and print off a 1000 pages of pr0n or wikileaks? Far more problematic than a printer under blanket corporate IT insurance.

If the "hacker" is an internal, ie employee, then what else are they up to? If they want to cause damage, they can drop their laptop or put paperclips in the fuser.

NONSTORY
 
Joined
Jul 19, 2006
Messages
43,609 (6.48/day)
Processor AMD Ryzen 7 7800X3D
Motherboard ASUS TUF x670e-Plus Wifi
Cooling EK AIO 360. Phantek T30 fans.
Memory 32GB G.Skill 6000Mhz
Video Card(s) Asus RTX 4090
Storage WD/Samsung m.2's
Display(s) LG C2 Evo OLED 42"
Case Lian Li PC 011 Dynamic Evo
Audio Device(s) Topping E70 DAC, SMSL SP200 Amp, Adam Audio T5V's, Hifiman Sundara's.
Power Supply FSP Hydro Ti PRO 1000W
Mouse Razer Basilisk V3 Pro
Keyboard Epomaker 84 key
Software Windows 11 Pro

Kreij

Senior Monkey Moderator
Joined
Feb 6, 2007
Messages
13,817 (2.12/day)
Location
Cheeseland (Wisconsin, USA)
Why don't the "researchers" at Columbia University do something useful, like figure out how to save us money by creating quality printout while using less toner, instead of overheating fusers with firmware hacks?
 

Completely Bonkers

New Member
Joined
Feb 6, 2007
Messages
2,576 (0.39/day)
Processor Mysterious Engineering Prototype
Motherboard Intel 865
Cooling Custom block made in workshop
Memory Corsair XMS 2GB
Video Card(s) FireGL X3-256
Display(s) 1600x1200 SyncMaster x 2 = 3200x1200
Software Windows 2003
Let me rephrase what I said earlier if my point wasnt clear. Certificate signed firmware is great so that you can check the legitimacy of the firmware file before committing it to the hardware. But at the same time, being able to install uncertified firmware with a warning sign that we can still accept is what allows us to make bios and firmware tweaks. But RESTICTING a device to ONLY accept certificate firmware will stop BIOS tweaking/modding opportunities. No more BIOS editors, no flashing edited BIOS etc.
 

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
13,041 (2.21/day)
Nah, flashing a firmware doesn't take much of an O/S.


:laugh::toast:

Other devices, too, are possible. :eek:

Why don't the "researchers" at Columbia University do something useful, like figure out how to save us money by creating quality printout while using less toner, instead of overheating fusers with firmware hacks?
More Press and probably got fed funding for the study they did.:)
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,865 (2.87/day)
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K @ 4GHz
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (2 x 8GB Corsair Vengeance Black DDR3 PC3-12800 C9 1600MHz)
Video Card(s) MSI RTX 2080 SUPER Gaming X Trio
Storage Samsung 850 Pro 256GB | WD Black 4TB | WD Blue 6TB
Display(s) ASUS ROG Strix XG27UQR (4K, 144Hz, G-SYNC compatible) | Asus MG28UQ (4K, 60Hz, FreeSync compatible)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair AX1600i
Mouse Microsoft Intellimouse Pro - Black Shadow
Keyboard Yes
Software Windows 10 Pro 64-bit
Why don't the "researchers" at Columbia University do something useful, like figure out how to save us money by creating quality printout while using less toner, instead of overheating fusers with firmware hacks?

Quite. Reading between the lines of that MSNBC article, I get the impression that the researchers are trying to make a name for themselves. While what they're reporting is all true, 99% of these printers are sitting inside the corporate network which will have its own defences, so it's a matter of "weighting" for this problem. It looks like they have to infect a PC first within that network, before they can nail the printer, so it takes a double effort to do this, which reduces the chances consderably of such an attack.

Of course, you do get printers and other systems that are directly connected to the internet and these are much more at risk.

One big hint that the problem isn't so bad? These vulnerable devices have been around for the last 15 years or so, so you'd think that the criminal malware writers would have exploited them widely by now if it had been profitable for them to do so.

More Press and probably got fed funding for the study they did. :)

You cynic! :laugh:
 

Completely Bonkers

New Member
Joined
Feb 6, 2007
Messages
2,576 (0.39/day)
Processor Mysterious Engineering Prototype
Motherboard Intel 865
Cooling Custom block made in workshop
Memory Corsair XMS 2GB
Video Card(s) FireGL X3-256
Display(s) 1600x1200 SyncMaster x 2 = 3200x1200
Software Windows 2003
Wall of cynicism





Er, time for me to go to bed!
 
Last edited:
Joined
Nov 18, 2006
Messages
2,964 (0.45/day)
Location
your local vending machine
System Name HTPC||Lenovo IBM ThinkPad
Processor AMD Phenom II x4 965 stock 3.4GHz||Intel C2D T9300 @ 2.5GHz
Motherboard Zotac 890GX-ITX WiFi||Lenovo 8918CTO
Cooling Stock 3x 120's||Stock stuff
Memory 8GB (2x4GB) DDR3 6-6-6-15||3GB DDR2
Video Card(s) Asus 3870x2||nVidia Quadro NVS 140M
Storage 1TB Seagate Barracuda, 1x 2TB WD EARX ||Hitachi 160GB 7200RPM
Display(s) Samsung T260HD||
Case SilverStone Grandia GD05||
Audio Device(s) on-board||on-board
Power Supply Cooler Master 450W||6-cell
Software Windows 7 Pro x64||Windows 7 Pro x64/Linux Mint x64
So that's why I've had to replace so many fusers at work :rolleyes:
 
Joined
Jul 3, 2008
Messages
174 (0.03/day)
Processor Intel Core i7 5820k
Motherboard MSI X99S-GAMING7
Cooling Corsair H105
Memory 16GB G.SKILL DDR4
Video Card(s) Gigabyte GTX1070 Gaming G1
Storage Samsung 840 Evo 256GB
Display(s) Acer Predator XB271HU
Case Corsair 800D
Audio Device(s) ASUS XONAR
Power Supply Corsair HX850i
Mouse Logitech G502
Keyboard Filco Majestouch
Software Windows 10
Printer hacking has been a pretty known security hole for many years. Simply securing your printer with a password will prevent many attacks, also changing SNMP . However if you want to have a play on your own printer there's an article dating back to 2005 that details many printer exploits and how to perform them. Many of them no longer work, but many are still current:

http://www.irongeek.com/i.php?page=security/networkprinterhacking

Last update was four years ago but there is still alot of useful information in there for Sys Admins.
 
Joined
Apr 16, 2010
Messages
2,070 (0.39/day)
System Name iJayo
Processor i7 14700k
Motherboard Asus ROG STRIX z790-E wifi
Cooling Pearless Assasi
Memory 32 gigs Corsair Vengence
Video Card(s) Nvidia RTX 2070 Super
Storage 1tb 840 evo, Itb samsung M.2 ssd 1 & 3 tb seagate hdd, 120 gig Hyper X ssd
Display(s) 42" Nec retail display monitor/ 34" Dell curved 165hz monitor
Case O11 mini
Audio Device(s) M-Audio monitors
Power Supply LIan li 750 mini
Mouse corsair Dark Saber
Keyboard Roccat Vulcan 121
Software Window 11 pro
Benchmark Scores meh... feel me on the battle field!
Who thought of this? Man.... thin line between genius and madness...
 

Mussels

Freshwater Moderator
Joined
Oct 6, 2004
Messages
58,413 (7.92/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
using a printer to spread viruses... ack, when dumb devices can be used to spread malware, we're in trouble - because they're also too dumb/low powered for anti virus.
 
Joined
Sep 1, 2010
Messages
7,023 (1.34/day)
Wasn't it in the news 2 or 3 weeks ago? :confused:


The problem is they should make firmware digitally signed, and it'd be even better if firmware could be updated only locally
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,941 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
who has digitally signed firmware and enforces it ? (other than apple)
there is firmware that has a checksum to protect against transmission error, but i can't think of much that is protected against attacks from evil people(tm)
 
Joined
Sep 1, 2010
Messages
7,023 (1.34/day)
who has digitally signed firmware and enforces it ?

What's wrong with that? As if it violates any freedom :rolleyes:

I'm no Apple fan but I also hate when any son of a bitch can write some malicious driver or firmware to screw things up and can easily spread that shit.
 
Joined
Mar 26, 2010
Messages
9,910 (1.84/day)
Location
Jakarta, Indonesia
System Name micropage7
Processor Intel Xeon X3470
Motherboard Gigabyte Technology Co. Ltd. P55A-UD3R (Socket 1156)
Cooling Enermax ETS-T40F
Memory Samsung 8.00GB Dual-Channel DDR3
Video Card(s) NVIDIA Quadro FX 1800
Storage V-GEN03AS18EU120GB, Seagate 2 x 1TB and Seagate 4TB
Display(s) Samsung 21 inch LCD Wide Screen
Case Icute Super 18
Audio Device(s) Auzentech X-Fi Forte
Power Supply Silverstone 600 Watt
Mouse Logitech G502
Keyboard Sades Excalibur + Taihao keycaps
Software Win 7 64-bit
Benchmark Scores Classified
cool
if you hate your boss use that after you go home
 
Joined
Jan 2, 2008
Messages
3,296 (0.53/day)
System Name Thakk
Processor i7 6700k @ 4.5Ghz
Motherboard Gigabyte G1 Z170N ITX
Cooling H55 AIO
Memory 32GB DDR4 3100 c16
Video Card(s) Zotac RTX3080 Trinity
Storage Corsair Force GT 120GB SSD / Intel 250GB SSD / Samsung Pro 512 SSD / 3TB Seagate SV32
Display(s) Acer Predator X34 100hz IPS Gsync / HTC Vive
Case QBX
Audio Device(s) Realtek ALC1150 > Creative Gigaworks T40 > AKG Q701
Power Supply Corsair SF600
Mouse Logitech G900
Keyboard Ducky Shine TKL MX Blue + Vortex PBT Doubleshots
Software Windows 10 64bit
Benchmark Scores http://www.3dmark.com/fs/12108888
doubt if boss uses printers though. They just walk around looking at people's monitors and send memos.
 
Joined
Feb 18, 2006
Messages
5,147 (0.75/day)
Location
AZ
System Name Thought I'd be done with this by now
Processor i7 11700k 8/16
Motherboard MSI Z590 Pro Wifi
Cooling Be Quiet Dark Rock Pro 4, 9x aigo AR12
Memory 32GB GSkill TridentZ Neo DDR4-4000 CL18-22-22-42
Video Card(s) MSI Ventus 2x Geforce RTX 3070
Storage 1TB MX300 M.2 OS + Games, + cloud mostly
Display(s) Samsung 40" 4k (TV)
Case Lian Li PC-011 Dynamic EVO Black
Audio Device(s) onboard HD -> Yamaha 5.1
Power Supply EVGA 850 GQ
Mouse Logitech wireless
Keyboard same
VR HMD nah
Software Windows 10
Benchmark Scores no one cares anymore lols
lol at the firewall jab.

If they can get access to your networked printer they've either already gotten around the firewall or they're an internal employee.

in either of those sceanrios there's far worse things they would be doing.
 
Top