Firmware claimed to solve combustible issue discovered by Columbia University research group.
Printer manufacturer HP has released a firmware update in response to a security flaw in LaserJet products that allows hackers to remotely reprogram the printer with custom firmware that enables unrestricted access and full control, and in instances continually heat the fusers until paper is set alight.
HP states that the update will address “the potential […] for a certain type of unauthorised access to some HP LaserJet printers” although it was “confirmed it has received no customer reports of unauthorised access”.
The flaw was discovered by a Columbia University research team, with one research team member Ang Cul later denying that the application of a firmware update would resolve the problem: “If and when HP rolls out a fix, if a printer is already compromised, the fix would be completely ineffective. Once you own the firmware, you own it forever. That’s why this problem is so serious, and so different. This is nothing like fixing a virus on your PC.”
HP are also confronted with the possibility of a class action suit, launched by David Goldblatt who claims the printer manufacturer was previously made aware of the flaw in a 2010 report by analyst firm Quocirca.