Friday, August 3, 2012

Few CPR Their Firmware Against Printer Hack Attacks

Despite a staged malware attack seven months ago, one in four HP LaserJet printers still have default password settings.

Using freely available information and a budget of $2,000 (£1,280), professor Salvatore Stolfo and researcher Ang Cui from Columbia University's appropriately named Intrusion Detection System Laboratory used the printer's remote firmware update to install potentially crippling malware that could even be targeted to destroy the device itself. 

While HP did challenge aspects of the way the demonstration was reported, the company took the conclusions seriously, acting quickly and with "diligence" to issue more than 56 firmware updates.

However, seven months later... only 1–2% (of printers connected to the Internet) have been updated. Of those, one in four is still using default password settings for printer updates.

...other brands may be just as vulnerable...

The key flaw comes because printers now have capabilities that let them receive documents from the cloud – in effect, emails. 

...perhaps "the safest bet is just not to be connected to the internet in the first place."