Late last year, owners of HP Laser Jet printers were warned that their confidential data could be at risk, because of a security vulnerability in the devices.Researchers at Columbia University demonstrated to reporters that it was possible for remote hackers to install malicious firmware on certain HP printers, without the owner necessarily realising that they were under attack.If you’ve downloaded the appropriate update for your printer, follow these steps to properly install it on your machine: Affected HP cartridges: Remanufactured Replacement for HP 934XL High Yield Black Ink Remanufactured Replacement for HP 935XL High Yield Cyan Ink Remanufactured Replacement for HP 935XL High Yield Magenta Ink Remanufactured Replacement for HP 935XL High Yield Yellow Ink Remanufactured Replacement for HP 950XL High Yield Black Ink Remanufactured Replacement for HP 951XL High Yield Cyan Ink Remanufactured Replacement for HP 951XL High Yield Magenta Ink Remanufactured Replacement for HP 950XL High Yield Yellow Ink Affected HP Printers for the HP 934/935 Cartridge Series: HP Office Jet 6812, HP Office Jet 6815, HP Office Jet Pro 6230, HP Office Jet Pro 6830, HP Office Jet Pro 6835 Affected HP Printers for the HP 950/951 Cartridge Series: HP Office Jet Pro 251dw, HP Office Jet Pro 276dw MFP, HP Office Jet Pro 8100, HP Office Jet Pro 8600, HP Office Jet Pro 8600 Plus, HP Office Jet Pro 8600 Premium, HP Office Jet Pro 8610, HP Office Jet Pro 8615, HP Office Jet Pro 8620, HP Office Jet Pro 8625, HP Office Jet Pro 8630 HP, Office Jet, and the HP logo are registered trademarks of Hewlett-Packard Development Company, L.P., and is not affiliated with, and does not endorse, LD Products.stated that it will shortly issue a new firmware update that will enable users to use non-HP ink cartridges.The firm notes that, in the printer business, it’s standard for vendors to authenticate supplies such as toner and ink cartridges.See the Virus pages or the Security News Alerts for information about Code Red and other viruses or worms that may be causing printers to perform stack dumps.Description of the Stack Dump Problem Printers that have been performing stack dumps (printing out pages with error codes and strange data) are being affected by various viruses and worms on the Internet.
A class-action lawsuit was filed against HP over the move in Alabama (see “HP Faces Class Action over Printer Firmware “Time Bomb” That Prevented Use of Aftermarket Cartridges”), and we just learned of yet another class action related to the firmware update that was filed in California (see “A Second Class Action Filed against HP over Inkjet Printer Firmware Update”).
On September 18, HP initially provided a very short statement declaring that the firmware update was designed to “protect HP’s innovations and intellectual property” and that its printers would “continue to work with refilled or remanufactured cartridges with an Original HP security chip.” The problem, of course, is that most third-party cartridges use third-party chips so as to offer fuller functionality.
But after two weeks of bad press, HP is changing its tune—kind of.
The bad news is that HP customers have no easy way of knowing if they might need it or not.
The normal convention for companies disclosing a flaw, is to document which products are affected and what the risks are if the vulnerability is not patched.