MSNBC reported today on a story that could have huge consequences for Hewlett Packard, the leading manufacturer of printers. Researchers at Columbia University have identified a vulnerability that they claim could impact all HP and other laserjet network printers. The hack would allow a remote user to reprogram a vulnerable printer and take control of it. Once reprogrammed, an infected printer could be instructed to perform a variety of tasks, including sending documents back to the remote user, disabling itself, or even heating up. In one demonstration, researchers instructed the printer’s ink-drying mechanism to become so hot that it caused paper to smoke. While the printer being tested had a safety shut-off, it is not clear whether every printer would disable itself before starting a fire.
According to MSNBC, Hewlett Packard is still attempting to verify the vulnerability and disputes some of the researchers’ claims. But if the researchers are correct, then HP, and likely other manufacturers will have to scramble before a malicious user attempts to take advantage of the security hole. If users’ or businesses’ printers are infected, HP could be liable for any damage caused, particularly if it was aware of or should have been aware of the problem and failed to take appropriate steps to fix it.