HP Disputes Report That Hackers Can Set Its Printers on Fire

Hewlett-Packard Co. (HPQ), responding to a report that hackers could take control of laser printers and make them catch fire, said those concerns aren’t valid.

“No customer has reported unauthorized access,” the company said today in a statement. Hackers can’t circumvent the thermal breaker, which is set up to prevent overheating or combustion, by manipulating a printer’s so-called firmware, Hewlett-Packard said. “Speculation regarding potential for devices to catch fire due to a firmware change is false.”

The MSNBC.com news site, citing researchers at Columbia University, said some Hewlett-Packard LaserJet printers were vulnerable to attack. It’s likely that hackers could seize control of the devices and make them catch fire or use them to penetrate otherwise-secure networks, MSNBC said.

Hewlett-Packard said today that some LaserJet printers have a “potential security vulnerability,” which it’s working to fix. Firmware refers to the fixed software functions in a device.

“HP is building a firmware upgrade to mitigate this issue and will be communicating this proactively to customers and partners who may be impacted,” the Palo Alto, California-based company said in the statement. “In the meantime, HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”

Hewlett-Packard shares rose 1.4 percent to $26.90 at the close today in New York. The shares have tumbled 36 percent this year, dragged down by sluggish sales and a failed turnaround effort by Chief Executive Officer Leo Apotheker. He was replaced as CEO by Meg Whitman in September.

To contact the reporter on this story: Nick Turner in San Francisco at nturner7@bloomberg.net

To contact the editor responsible for this story: Tom Giles at tgiles5@bloomberg.net

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.