HP Printer Fire Flap: Hackers Can’t Explode Printers, HP Says in a Statement

Hewlett-Packard has issued a statement in response to government-funded research findings from Columbia University, which has reported a flaw in HP printers that enables hackers to access them, attack the network they’re on, or even overheat printers until they explode. The statement derides the findings and upcoming report as “sensational.”

The Columbia researchers told HP and federal officials of the flaw earlier this month, and gave a demonstration you can see at MSNBC, which broke the story today. The researchers, Columbia professor Salvatore Stolfo and PhD student Ang Cui, are preparing a paper on their findings. They claim — and MSNBC reports the researchers actually demonstrated — that hackers can remotely install malware on HP LaserJet printers because the printers accept update software without checking for digital signatures first. The researchers say hackers culd send an instruction to a printer that would continually heat it up, potentially causing a blow up. HP, while admitting there is a problem, explicity denies LaserJets will explode.

In a statement, HP said:

Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false … HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability … while HP has identified a potential security vulnerability with some HP LaserJet printers, no customer has reported unauthorized access. The specific vulnerability exists for some HP LaserJet devices if placed on a public internet without a firewall. In a private network, some printers may be vulnerable if a malicious effort is made to modify the firmware of the device by a trusted party on the network. In some Linux or Mac environments, it may be possible for a specially formatted corrupt print job to trigger a firmware upgrade. HP is building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted. In the meantime, HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.


About the author

Gina Smith

Gina Smith

Based in San Francisco, Gina Smith is a New York Times bestselling author and an award-winning journalist online, in print, radio and national TV. A former tech correspondent for ABC News, Gina founded aNewDomain with John C. Dvorak and Dr. Jerry Pournelle. Email Gina at and follow her @ginasmith888 and on Google+ through her page at +Gina Smith.

  • Brian Burgess

    Yeah, the student’s claims were totally debunked. I would have a better chance setting one on fire coming home drunk and have a cig fall out of my mouth. LOL.