After the Columbia University researchers Ang Cui and Salvatore Stolfo found a vulnerability in HP LaserJet printers that can allow a hacker to remotely control to launch cyber attacks, steal information and within a few possibilities can even destroy the device, HP finally released a firmware update as a precautionary measure which is expected to reduce the problem.
In a statement issued by the company, HP said that: "HP has built a firmware update to reduce this problem and establish proactive communication with customers and partners. So far there are no customers who reported unauthorized access to the HP device that is used. "
"HP reaffirms recommendation to perform actions according to the recommended procedure for securing the device by placing printers behind a firewall and, if possible, disable the remote firmware uploads on the printer."
While this all may go well, the problem is demonstrated again by investigators in November has caused much controversy. Some even sued the company for not warning their customers that there is vulnerability, especially since previous reports indicate that the level of security with a high risk exists in the printer.
At a moment of weakness it found a lot of debate that emerged about the circumstances in which attacks can be successfully launched and HP had to face much criticism, even from trusted security experts such as Mikko Hypponen. "First of all, how does HP do not have a signature or a certificate showing that the new firmware is the original firmware from HP?" Hypponen said.
Meanwhile, customers who depend on the model of LaserJet printers that have the vulnerability to attack immediately advised to upgrade the firmware on the device to prevent possible adverse incident.
Although HP does not report attacks that use vulnerabilities, but we never know what might have been designed or prepared by the criminals in cyberspace during this period. Also recommended to follow the instructions given by the company in Secure Printing and Imaging section to ensure you are protected in case of other bugs have also been found as a zero-day.
In a statement issued by the company, HP said that: "HP has built a firmware update to reduce this problem and establish proactive communication with customers and partners. So far there are no customers who reported unauthorized access to the HP device that is used. "
"HP reaffirms recommendation to perform actions according to the recommended procedure for securing the device by placing printers behind a firewall and, if possible, disable the remote firmware uploads on the printer."
While this all may go well, the problem is demonstrated again by investigators in November has caused much controversy. Some even sued the company for not warning their customers that there is vulnerability, especially since previous reports indicate that the level of security with a high risk exists in the printer.
At a moment of weakness it found a lot of debate that emerged about the circumstances in which attacks can be successfully launched and HP had to face much criticism, even from trusted security experts such as Mikko Hypponen. "First of all, how does HP do not have a signature or a certificate showing that the new firmware is the original firmware from HP?" Hypponen said.
Meanwhile, customers who depend on the model of LaserJet printers that have the vulnerability to attack immediately advised to upgrade the firmware on the device to prevent possible adverse incident.
Although HP does not report attacks that use vulnerabilities, but we never know what might have been designed or prepared by the criminals in cyberspace during this period. Also recommended to follow the instructions given by the company in Secure Printing and Imaging section to ensure you are protected in case of other bugs have also been found as a zero-day.
0 comment:
Post a Comment