A New York resident, David Goldblatt, has blamed HP for having sold him printers which contained security flaws. According to him, HP well knew about the flaws and yet sold them. And that this compromised the security of his printer, making it vulnerable to exploits by hackers.
The suit is aimed specifically against HP’s Laserjet printers which the plaintiff of the case bought. He said that the printers were vulnerable to security breaches and the company knew it. And that if he had been told about them, he would never have bought the printer.
Security issue in printer updates:
The security issue in HP printers’ update software has been cited a few times in the past. The issue is that whenever a new command is given for a print, the printer first checks a security update available online for the printer and then downloads it. However, in doing so, it doesn’t check for any digital signature on the update. This means that any hacker can made a piece of code look like an update for the printer and persuade the printer to download it. Once this is done, the hacker can then access all the data that goes through the printer as well as control the printer itself. The hacker can then also cause the printer to heat up so that it will damage the hardware. HP, on the other hand, claims that a printer is open to threats only if it is made available online without putting it behind a firewall. Which of the two parties stands corrected remains to be seen as the court’s proceedings over the case will unfold.
Image courtesy heipei.