
HP printers can be remotely controlled and set on fire, researchers claim - evo_9
http://arstechnica.com/business/news/2011/11/hp-printers-can-be-remotely-controlled-and-set-on-fire-researchers-claim.ars
======
famousactress
In a former life I worked at HP testing printer firmware. It was definitely
not unheard of for early builds to have issues where instruction loops would
cause fire hazards, or more commonly... pools of ink to be waiting at my desk
for me when I came in the next morning. Makes perfect sense to me that with
the addition of network availability, vulnerabilities like this would be very
real.. and I'm sure not limited to HP's hardware.

------
dredmorbius
UNIX anticipated this long ago: <http://www.linuxhaxor.net/?p=787>

~~~
shabble
Presumably they thought nobody would ever be foolish enough to actually
_implement_ the HCF[1] instruction.

[1] <https://en.wikipedia.org/wiki/Halt_and_Catch_Fire>

------
lukeschlather
>that most home users have InkJet printers that do not allow remote upgrades;
and that printers behind a firewall are not vulnerable to the flaw.

HP's line on this is pretty dreadful. On the one hand they suggest people
switch to a more expensive product that doesn't have any updates (and this is
supposed to be a feature.) On the other hand, they falsely claim that a
firewall will stop any attacks.

It will be interesting to see if malware authors start finding ways to hack
firmware (aside from the obvious ways this could be used in a targeted
attack.) DD-WRT/OpenWRT capable routers are of course a better target in
general, since coming up with standard payloads that can attack a variety of
routers has some pretty good proof of concept code. There's also an obvious
set of things you can do with a compromised router (create unsecured wireless,
sniff traffic, log passwords.) I'm not entirely sure what one might do with a
compromised printer that wouldn't be obvious.

------
mrsebastian
FWIW, HP has issued an official response now:
<http://www.hp.com/hpinfo/newsroom/press/2011/111129b.html>

------
kstenerud
Does this mean that HP will be having another fire sale?

Yeah, this is bad form on HN but I couldn't resist ;-)

