Two researchers at Columbia University in New York say they've found a flaw in ordinary office printers that lets hackers hijack the devices to spy on users, spread malware and even force them to overheat to the point of catching fire.
"The problem is, technology companies aren't really looking into this corner of the Internet. But we are," Salvatore Stolfo, the Columbia professor overlooking the research, said to MSNBC's Bob Sullivan, who first reported the story.
Stolfo and his fellow researcher Ang Cui sent a Hewlett-Packard LaserJet printer various bogus firmware updates. One made the fuser overheat, causing the paper in the printer to yellow and smoke until the machine shut down.
When a tax return was sent to the printer as a print job, another bogus update secretly forwarded the document, complete with Social Security numbers, to a second computer.
"The research on this is crystal clear," Stolfo said. "The impact of this is very large. These devices are completely open and available to be exploited."
To be fair, printer vulnerabilities have been known for some time. In January, researchers at a hacker conference showed how Internet-connected printers could be hijacked to spread malware through office networks. More than a year ago, researchers showed that all-in-one printer-scanner hybrids could be made to post sensitive documents online.
The fuser-overheating flaw is similar to research recently done by Mac hacker Charlie Miller, who showed how bogus firmware upgrades to Apple laptop batteries could cause them to overheat as well.
Hewlett-Packard, which had been informed of the printer flaws before the Columbia researchers made them public, disputed that the problems were as bad as the researchers made them out to be.
"This is probably not as broad as what I had heard in their first announcement," Hewlett-Packard's Keith Moore told MSNBC. "It sounds like we disagree on what the exposure might be."
© TechMediaNetwork.com. All Rights Reserved.