Back in the days of yore, hackers used to threaten users with physical damage like burning a hole into their CRT.1 It’s been a long time since true, physical damage threats have percolated but now security researchers are proposing they could set your printer on fire. The simplicity of network connected printers has also made a persistent presence on a target’s network much easier. Essentially, nobody ever checks whether the firmware loaded on a printer is the version provided by the OEM and their ubiquitous presence and 24/7 uptime make them prime targets. The hackers are completely replacing the embedded firmware in popular printer models with their own custom brew allowing them to steal printed documents remotely or finagle with the printer’s internal mechanism (like overheating a laser fuser). HP responded to the claims that it’s newer printers require digitally signed firmware and that the threat of fire is impossible due to thermal safeguards on the fuser element.
1 It should be noted this attack is not the same as image burn-in that popularized screensaver software but rather adjusting the vertical and horizontal sync registers in the EGA/VGA chips to focus an entire screen’s worth of information into a single spot.
Similarly tagged OmniNerd content: