Hackers can use the exploit to steal personal information and perhaps even set offices on fire. Columbia University Professor Salvatore Stolfo showed the press how attackers can heat up a printer fuser. During the demonstration paper in the printer turned brown and began to smoke before the printer's temperator-sensor shut off the printer to prevent a fire. But not all printers have such a safeguard.
HP insists it adopted digital signing on all its new printers since 2009, but the researchers found unsigned printers still being sold at office retailers in September 2011.
' The attack can occur remotely, if the printer is set up for "cloud printing" as HP is particularly fond of. Researchers scanned the internet and in minutes found 40,000 printers they could have potentially set the "catch fire" command & control package to.
But the true number of vulnerable machines could be much, much higher. Comments Professor Stolfo, "I think it is very wise to broadcast the problem as soon as possible so all of the printer manufacturers start looking at their security architectures more seriously. It is conceivable that all printers are vulnerable.