Security researchers from Columbia University have alleged that HP is selling printers with a vital loophole that allows hackers with malicious intentions to control them.
MSNBC ran a detailed article on the allegations that hackers could remotely take over HP LaserJet Printers and set it on fire using a predefined set of instructions.
Once taken over, sensitive personal information can be stolen, networks can be attacked and set on fire by executing a set commands designed to heat the printer up.
HP responded to MSNBC with a statement that it is evaluating the problem but contended that the claims by Columbia PhD student Ang Sui and Prof. Salvatore Stolfo are highly exaggerated.
The Prof-student duo claims that the printers are accepting software updates without verifying digital signatures and they are able to remote install malicious software onto it.
In a demonstration of the flaw, the researchers demostrated how by giving instructions, they could heat up the printer fuser of a hijacked computer, which is designed to dry the ink once it is applied to paper, ultimately causing it to burn and smoke. In the same demo, a thermal switch shut the printer down before a fire started. But the researchers expressed their apprehension that such things can easily cause real-world damage if not checked immediately.