A security vulnerability discovered in Hewlett-Packard printers would allow hackers to steal data from the printers, cause them to burst in flames or be used as a launchpad to attack other computers connected to the printers.
The flaw lies in the design of HP’s LaserJet printer models, and possibly other printer models as well, which allows the firmware on the printers to be upgraded remotely, according to MSNBC, which first reported on the vulnerability.
Each time the printer accepts a print job from a computer, it examines the job for any software updates that might be included in the request. Because the HP firmware doesn’t require a digital signature to verify that an upgrade is authentic, attackers can send specially crafted files to the printer that contain malicious code. They can do so remotely if the computer is configured to print jobs sent to it over the internet.
The researchers, conducting a quick scan of the internet, were able to find 40,000 devices connected to the internet that they said could be quickly infected in this way.