IT managers have been warned before to guard against attacks that target networked office printers. But here’s a twist most probably haven’t considered.
A research team from Columbia University recently demonstrated a few security flaws it found in some laser printers made by Hewlett Packard.
The study found those printers could not only be used to steal sensitive data, but also be remotely set on fire by hackers.
The attack involves flooding the machine with a string of commands, Yahoo reports. On some printer models, doing so can overheat the part of the device that applies the toner and cause it to melt down and potentially catch flame.
To load the malware that pushes the commands, the researchers used a vulnerability in the printers’ firmware update process, tricking the machine into thinking it was installing a routine update from the manufacturer.
While this type of attack may be surprising, it’s more likely businesses will face attacks designed to steal data from those office machines. To protect against those threats, experts recommend IT:
- Require authentication on the machine: In departments that regularly print confidential documents, consider getting a printer that requires a user to enter a password into the machine — some printers also use swipe cards, or even biometric fingerprint readers.
- Overwrite data: Most multifunction printers have hard drives that store printed and scanned documents — but in many situations, that’s unnecessary. In those cases, you can set the machine to erase the disk after every job.
- Check the OS: Some printers use a proprietary operating system, making them relatively safe from virus attacks. But others use a common OS and are therefore vulnerable. Find out what’s on your devices and plan accordingly.