HP printers allegedly contain security vulnerability
Most businesses and consumers are mindful of data security risks presented by computers and mobile devices, but printers may also provide an entry point vulnerable to hackers.
According to a CNET report, a lawsuit was recently filed against Hewlett-Packard alleging the company knowingly sold printers containing software that allows updates over the internet without digital signatures.
"As a result of HP's failure to require the use of digital signatures to authenticate software upgrades, hackers are able to reprogram the HP printers' software with malicious software without detection," the lawsuit said, as reported by CNET. "Once the HP printers' software is maliciously reprogrammed, the HP printers can be remotely controlled by computer hackers over the Internet, who can then steal personal information."
The printers' automatic software update feature allows hackers to install customized firmware, enabling them to access the printer and possibly networks connected to it, the report said. Researchers printed a tax return form on a hacked HP printer, and then sent it to a second computer that tweeted a Social Security number from the document.
With data and identity theft continuing to cause major problems for organizations, IT managers are constantly required to adapt to new security threats as cybercriminals adjust their hacking techniques.