As if board spying, sex harassment claims, the tanking of their stock price, and a revolving door in the top executive’s office weren’t enough, Hewlett Packard now faces a threat to the one business that has reliably delivered for them over many years: their printers.
Researchers at Columbia University dropped a bombshell recently with the news that they had discovered a flaw in three of the company’s LaserJet printers that allowed the device’s firmware to be completely replaced, thus making it vulnerable to control by malicious hackers. With this kind of control, hackers could not only steal valuable user information, but cause damage (such as overheating) to the printer as well.
With its printer division generating over $6 billion a quarter in revenue, HP was clearly in no mood to let this story linger without a response. They quickly issued a statement which flatly denied the possibility that their printers could double as flame-throwing grills, while also blasting the stories surrounding the university’s study as “sensational and inaccurate.”
To cap HP’s run of back luck, last week a New York customer marched into a district court in San Jose, CA and filed a lawsuit claiming that HP sold their printers while knowing full well that they suffered from the security flaws uncovered by Columbia.
Lost in all of the hue and cry over this latest threat has been the fact that as printers have become more sophisticated, their vulnerability to this kind of hacking was not exactly a state secret. At the annual “Black Hat” hackers convention held each summer in Las Vegas, presentations and demos on printer security flaws have become fairly routine. And going back as 2007, Computerworld thoroughly documented how networked printers were being rolled out with major security issues.
In the Computerworld report, IT security expert Michael Rossman was quoted as saying that printers are “interacting with the network just like any Window-based system. They need to be secured.” Five years later, what was described then has become even more important now.
Comments