Researchers expose printer vulnerability, turn LaserJets into literal time bombs (update)

Your precious printer might seem innocuous but, in reality, it could be a ticking time bomb just waiting for some hacker to trigger it. Oh, and we mean that not just figuratively, but literally as well -- they could actually be caused to burst into flames by some ne'er-do-well half-way around the globe. Of course, the potential doesn't end at remote arson, an attacker could easily gain access to a network or steal documents, and hijacking the lowly device would require little more than printing an infected file. So far researchers at Columbia University have only managed to exploit the hole on HP printers, but it's possible (if not likely) that others are also affected. Most printers look for a firmware update every time they receive a job but, for some reason, they rarely check the validity of an incoming file. A fake upgrade could easily be attached to a file sent over the internet, directly to a device -- no need to even trick anyone. HP says it's taking the issue very seriously and looking into the vulnerability, though, it says newer devices aren't affected (a claim the researchers challenge). For a lot more detail on the what and how check out the source link.

Update: HP (unsurprisingly) issued a rebuttal. It's working up a firmware update right now for certain flaws, but it'll have you know that "no customer has reported unauthorized access."