The Latest in IT Security

HP patches printer firmware flaw, but leaves customers guessing


Laser printerThere’s a serious security vulnerability on some HP LaserJet printers.

The good news is that it’s been patched. The bad news is that you don’t know if your HP LaserJet printer needs the fix – because HP hasn’t told you.

Late last year, owners of HP LaserJet printers were warned that their confidential data could be at risk, because of a security vulnerability in the devices.

Researchers at Columbia University demonstrated to reporters that it was possible for remote hackers to install malicious firmware on certain HP printers, without the owner necessarily realising that they were under attack.

Although there was speculation that affected printers could also be fire hazards, that fear appears to have been overhyped – but there were genuine security concerns raised by the vulnerability.

The good news is that HP snuck out a fix for affected printers on December 23, 2011. The bad news is that HP customers have no way of knowing if they might need it or not.

HP press release

The normal convention for companies disclosing a flaw, is to document which products are affected and what the risks are if the vulnerability is not patched. That, after all, is useful information for customers and helps them decide if they need to take action.

HP, however, hasn’t provided any details about which printers are impacted by the vulnerability – which means that you don’t know if you need to update your printer’s driver or not.

Instead, HP recommends that LaserJet owners visit and select “Drivers”.

Imagine the millions of people who could waste their time, looking for a driver update when it might be that their printer doesn’t require one. Wouldn’t it have been easy and much *better* for HP to have been a little more open about which of their products suffer from the security issue?

My suspicion is, sadly, that HP’s lack of information and low key response to the security vulnerability will simply mean that many LaserJet owners will be blissfully unaware that they could be at risk, and won’t look for a driver update.

Be honest – if you have an HP LaserJet, have you gone looking for a driver update since December 23rd?

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments