Despite staged malware attack seven months ago, one in four HP laser jet printers still have default password settings.
Using freely available information and a budget of $2,000 (£1,280), professor Salvatore Stolfo and researcher Ang Cui from Columbia University's appropriately named Intrusion Detection System Laboratory used the printer's remote firmware update to install potentially crippling malware that could even be targeted to destroy the device itself.
While HP did challenge what turned out to be aspects of the way the demonstration was reported, the company took the conclusions seriously, acting quickly and with "diligence" to issue more than 56 firmware updates.
However, seven months later... only 1–2% (of printers connected to the Internet) have been updated. Of those, one in four is still using default password settings for printer updates.
...other brands may be just as vulnerable...
The key flaw comes because printers now have capabilities that let them receive documents from the cloud – in effect, emails.
...perhaps the "the safest bet is just not to be connected to the internet in the first place." (more)