HP Printer Support: HP Security Warning / Printer Vulnerability
HP has issued an urgent support notification to HP LaserJet printer owners warning of a vulnerability that could allow hackers unauthorized access to 50 printer models.
HP says that no reports have been made of the affected laserjet printers being accessed through the vulnerability, but has posted a web page with the list of affected printers and instructions for fixing the bug.
The company offered little details about the vulnerability, which makes it possible to remotely install unauthorized printer firmware on the affected LaserJet printers “on a public Internet without a firewall, or for LaserJet printers in a private network, if a malicious effort is made by a party on the private network to modify the firmware of the device.”
Some of the affected LaserJet printers require a firmware update that implements code signing to verify that firmware updates are properly signed and not malicious, while other devices on the list do not appear to require this step.
All of the printers should have their Remote Firmware Update capability disabled, though for some LaserJet printers, this appears to require yet another separate firmware update HP is providing that allows the function to be turned off.
LaserJet printer owners should check out HP’s list of affected printers and security bulletin, and if the process of applying the fix proves too complicated, contact US Laser, Inc. at 888-875-1737 or firstname.lastname@example.org.