It certainly makes for a colorful image: A hacker manages to finagle his way into your printer and pull off a little trick that makes the trusty HP catch on fire! That's what some early coverage of research conducted at Columbia University may have led you to believe. Fortunately, that's not the case. Put away the fire extinguisher and take a breath.
Yes, researchers led by Salvatore Stolfo, professor of computer science at Columbia, concluded that a hacked printer could be made to repeat actions so often and so quickly that the paper inside could turn brown, but they caution that that is not the same thing as flames shooting out of your printer.
"There is a failsafe device on the printer that works effectively," says Stolfo. "We came close, but no cigar. Not able to actually create fire."
But what the hacker can do is more insidious and potentially more damaging. "The danger," he says, "is far greater than igniting paper in a printer. The danger is that virus writers could inject software into the printer that reveals private, personal and sensitive information. For example, the printing of your personal documents that may include your personally identifiable information, your tax forms, things of that nature. It is conceivable that that information could be scraped for data to be used for identity theft."
That, he says, could happen. "By printing a specially crafted document that looks entirely normal, will print out entirely normal, but by having done so, it could install malicious software into the printer when that document is being printed on the printer. This is the core operating system of the printer that is being replaced by malicious software and that is the first demonstration by our lab and it's quite unique and particularly dangerous."
We spoke to Keith Moore, a chief technologist at HP, who admits that there is a vulnerability to the printers tested and that HP is still going over the data presented by Stolfo's team. "We're still trying to replicate the behavior from Columbia University, so we have two model numbers that we're looking at right now in our lab," he says.
As for what HP will do to address it, Moore says, "We'll issue a software patch if we're able to replicate the defect. We take security situations very seriously."
HP's public response to the issue can be found here.
Also in this program, Google Maps can now guide you around inside a mall or airport. It means that finding your favorite store or the right gate for your flight just got easier. It also means one more thing that you won't have to figure out for yourself.