In a recent Extremetech article a study performed by Columbia indicates that security issues with HP printer firmware could permit hackers to access IT networks containing the printer. The article sites that tens of millions of devices could be affected. There are claims that firmware changes through a hack could lead to fires. It appears that HP does not feel the report is accurate and has published its response. While the reports that hacked firmware changes could create a fire hazard are being challenged it seems some of the other reports regarding data integrity issues are getting more serious concern.
The idea behind this article seems pretty strange and yet it appears other printer manufacturers are taking it seriously enough to start to look at their own technology.
As a dealer for Kyocera Canada we have received correspondence advising that there are several reasons for their printers NOT to be affected in a similar manner. They are taking the stories seriously and feel the need to address the issue for their product line. Among other reasons given is that remote firmware upgrades for Kyocera print devices are very strictly managed by Kyocera technology and firmware is only made available to authorized Kyocera dealers for doing the upgrades.
It appears that hackers will continue to plague the technology industry by finding loopholes in the designs and especially connectivity components of devices. Everyone loses with this activity as resources are spent both by manufacturers and by consumers trying to protect themselves from the attacks.
Even if the reports prove less than as critical as the first instances indicate, they will have cost millions in lost time, frustration and insecurity around the world.
The report does describe some pretty scary things including the ability to setup the system to be able to capture data out of a print file being used by the printer. I don't claim to understand the technicalities of this claim but it does raise some very interesting and challenging possiblities. One of the most serious concerns is the inability to do a global correction since there is such a large and diverse install base.
Do you take these kinds of threats seriously? Would you change devices or brands for a more secure presence on your network? Is this too outlandish for you to consider real?
Share your experience and thoughts below.
Photo credit: Wikimedia Commons