[Noisebridge-discuss] Millions of printers open to devastating hack attack, researchers say

[Jake]

Hewlett Packard, in a statement, said all its printers include such 
thermal switches, and these would prevent a printer fire in all cases.
"(The thermal breaker) cannot be overcome by a firmware change or this 
proposed vulnerability," it said.

http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say?google_editors_picks=true

Still, a widespread flaw in LaserJet printers would raise serious issues. 
Hewlett Packard dominates the printer market; the firm says it's sold 100 
million LaserJet printers since 1984, meaning millions of computers could 
be vulnerable. HP, by far the dominant printer seller worldwide with 42 
percent of the market, sells about 50 million printers of all kinds 
annually, according to IDC.

In an exclusive demonstration for msnbc.com at Columbia Universitys 
Intrusion Detection Systems Laboratory, Cui and Stolfo revealed the kind 
of havoc an attacker could wreak once they gained control of a printer. 
After sending a virus-laced print job to a target printer, the device's 
small screen read, in sequence, "Erasing...Programming...Code Update 
Complete."

In one demonstration, Cui printed a tax return on an infected printer, 
which in turn sent the tax form to a second computer playing the part of a 
hackers machine. The latter computer then scanned the document for 
critical information such as Social Security numbers, and when it found 
one, automatically published it on a Twitter feed.

A hacker who merely wanted to wreak havoc could easily disable thousands 
or perhaps millions of vulnerable printers, Cui said, as it is trivial to 
send the printer upgrades that would render it inoperable.