A big thanks to Matt for sending me this one. So you are probably wondering why I am interested in this stuff? Pretty much because if someone can create a fire remotely, that falls under the category of cyber crime and/or cyber warfare.
But it can also fall under the category of cyber assassination, which is something I have written about in the past. The ability to remotely and physically attack someone else, all online and anonymously, is quite the thing. Stuff like this could be used to start fires in homes while people are sleeping, or starting fires in office buildings. The idea being, using fire as a weapon.
It also brings up another thought. With computers and smart phones, are there hacks that could cause those devices to catch fire? Or what about electric vehicles with wireless computer capabilities, that have large amounts of lithium batteries in them? Chevy’s Volt, a battery powered electric car, recently had some issues with catching on fire. If you could remotely turn an electric car into a fire ball, that too could be a weapon.
There is no word yet if an actual attack has ever occurred using this method, but it is something to keep an eye on. I am sure HP will come up with a counter to this hack, or try to refute what these guys did. Check it out. –Matt
Hackers Can Set Your HP Printer On Fire, Researchers Demonstrate
Nov 29, 2011
HP is investigating a claim that essentially any LaserJet the company made before 2009 — about 100 million have been sold since 1984 — could be remotely instructed to catch fire, according to a report on MSNBC.com.
Researchers at Columbia University, under a series of government and industry grants, have shown that the printers can be remotely controlled by hackers over the Internet, allowing them to not only steal information but even cause physical damage.
In one demonstration, Columbia professor Salvatore Stolfo and colleague Ang Cui showed how a hijacked system could be sent commands that would overheat the printer’s fuser, causing the paper to brown, smoke, and sometimes even catch fire.
Researchers believe the vulnerability could have widespread implications. “The research on this is crystal clear,” Stolfo told MSNBC.com. “These devices are completely open and available to be exploited.”
Every time a printer accepts a job, it checks for software updates. Since LaserJet printers manufactured before 2009 don’t verify the source of the update, nefarious hackers can easily intercept these requests and implant their own “updates” — a flaw that left security experts aghast.
“First of all, how the hell doesn’t HP have a signature or certificate indicating that new firmware is real firmware from HP?” said Mikko Hypponen, head of research at security firm F-Secure, when told of the flaw.
“Printers have been a weak spot for many corporate networks,” Hypponen told MSNBC.com. “Many people don’t realize that a printer is just another computer on a network with exactly the same problems and, if compromised, the same impact.”
HP said Monday that it is investigating the reports but couldn’t confirm the claims, said Keith Moore, chief technologist for HP’s printer division. “Until we verify the security issue, it is difficult to comment,” Moore told MSNBC.com.
Story here.