Potential HP Remote Exploit

I remember my first computer. It was a standalone system that booted directly to the Microsoft DOS prompt. There were no logins nor passwords. There were no real security measures to protect files on disk or processes in memory. Floppy disks were the primary means of transferring data between computers. Bulletin board systems were popular at the time, but without a modem, a computer could not be connected. There was no concern, aside from a burglar taking my computer, of data theft and security.

As more and more devices are added to the Internet, security becomes increasingly important. There has been news lately of the potential for remote exploits in HP printers. The addition of printers, phones, coffee makers, security systems, and other devices to a network enlarges the attack surface for that network. A larger attack surface provides an adversary with more potential vulnerabilities for exploitation. An HP representative can downplay the possibility of using malicious code to remotely start a fire, but this should not distract people from the fact that malicious code can do destructive things with less fanfare such as silently forwarding copies of confidential information to adversaries or identity thieves. It is important that network devices, specifically printers, keep up with current security practices. And, it is important that we continue to implement systems that are secure by default.

Questions, comments, and responses are welcomed and appreciated.

Leave a Reply