Three days ago, we brought you
news
of how researchers have made proof-of-concept attacks on HP printers by
reprogramming their firmware. Among other things, these attacks could
deliberately cause the fuser in a printer to overheat and singe the
paper, until shut down by a built-in unoverridable thermal switch,
preventing a fire. Now, in light of this, a lawsuit has been filed by
David Goldblatt of New York, seeking damages for fraudulent and
deceptive business practices and is looking for class action status:
"As
a result of HP's failure to require the use of digital signatures to
authenticate software upgrades, hackers are able to reprogram the HP
Printers' software with malicious software without detection," the suit says.
"Once
the HP printers' software is maliciously reprogrammed, the HP printers
can be remotely controlled by computer hackers over the Internet, who
can then steal personal information, attack otherwise secure networks,
and even cause physical damage to the HP printers, themselves." Note
that HP has used digital signatures since 2009 to authenticate the
firmware updates, helping to mitigate this potential problem in recent
models.
Despite this though, HP still intends to patch the firmware to eliminate
threats from this hack, which exploits bugs in the firmware. As these
attacks have only actually been demonstrated in the lab and no actual
losses have been incurred by Goldblatt, it makes one wonder if he is
just using the prevailing American "victim culture" to try and make a
quick buck off HP. HP are the top printer brand, mainly because their
products are excellent, performing well and lasting a long time, plus
other companies' printers and embedded devices have the same problems,
so it seems unlikely that he would really not have bought HP printers.
Source: c|net
No comments:
Post a Comment