Printers Can Be Hacked to Catch Fire

These devices are completely open and available to be exploited, a researcher says

Join Our Community of Science Lovers!

Two researchers at Columbia University in New York say they've found a flaw in ordinary office printers that lets hackers hijack the devices to spy on users, spread malware and even force them to overheat to the point of catching fire.

"The problem is, technology companies aren't really looking into this corner of the Internet. But we are," Salvatore Stolfo, the Columbia professor overlooking the research, said to MSNBC's Bob Sullivan, who first reported the story.

Stolfo and his fellow researcher Ang Cui sent a Hewlett-Packard LaserJet printer various bogus firmware updates. One made the fuser overheat, causing the paper in the printer to yellow and smoke until the machine shut down.

On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

When a tax return was sent to the printer as a print job, another bogus update secretly forwarded the document, complete with Social Security numbers, to a second computer.

"The research on this is crystal clear," Stolfo said. "The impact of this is very large. These devices are completely open and available to be exploited."

To be fair, printer vulnerabilities have been known for some time. In January, researchers at a hacker conference showed how Internet-connected printers could be hijacked to spread malware through office networks. More than a year ago, researchers showed that all-in-one printer-scanner hybrids could be made to post sensitive documents online.

The fuser-overheating flaw is similar to research recently done by Mac hacker Charlie Miller, who showed how bogus firmware upgrades to Apple laptop batteries could cause them to overheat as well.

Hewlett-Packard, which had been informed of the printer flaws before the Columbia researchers made them public, disputed that the problems were as bad as the researchers made them out to be.

"This is probably not as broad as what I had heard in their first announcement," Hewlett-Packard's Keith Moore told MSNBC. "It sounds like we disagree on what the exposure might be."

It’s Time to Stand Up for Science

If you enjoyed this article, I’d like to ask for your support. Scientific American has served as an advocate for science and industry for 180 years, and right now may be the most critical moment in that two-century history.

I’ve been a Scientific American subscriber since I was 12 years old, and it helped shape the way I look at the world. SciAm always educates and delights me, and inspires a sense of awe for our vast, beautiful universe. I hope it does that for you, too.

If you subscribe to Scientific American, you help ensure that our coverage is centered on meaningful research and discovery; that we have the resources to report on the decisions that threaten labs across the U.S.; and that we support both budding and working scientists at a time when the value of science itself too often goes unrecognized.

In return, you get essential news, captivating podcasts, brilliant infographics, can't-miss newsletters, must-watch videos, challenging games, and the science world's best writing and reporting. You can even gift someone a subscription.

There has never been a more important time for us to stand up and show why science matters. I hope you’ll support us in that mission.

Thank you,

David M. Ewalt, Editor in Chief, Scientific American