Hewlett-Packard released an urgent support notification to registered HP LaserJet printer owners. It warns users of a vulnerability that could potentially allow hackers to access certain LaserJet-branded printers. HP also released a list of affected products and gave instructions on how to fix the bug.
The Vulnerability Summary released by HP says: “A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware.”
HP recommends the following steps to avoid unauthorized firmware updates:
- Update the firmware to a version that implements code signing
- Disable the Remote Firmware Update
Code signing verifies that firmware updates are properly signed, thus preventing the installation of invalid firmware updates.
HP ends its security bulletin by saying: “HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user’s use or disregard of the information provided in this Bulletin.”
Tags: HP lasertjet bug, HP printer bug, HP printer hacking