UBT's Response to HP Lawsuit Over Flaming-Printer Hack

Friday, December 09, 2011

It was recently reported by MSNBC that  "HP LaserJet printers built before 2009 will accept remote firmware updates without properly checking where they come from.  This means that - at least in theory - a hacker could cook up a malicious firmware update and upload it to a printer to make it stop working, spy on print jobs, or maybe even set the printer on fire."

UBT wants to ensure that our customers' equipment and data are protected - please see below for Canon and SmartPrint Security safeguards:

Canon Security

1.  Canon devices do not automatically check for firmware upgrades unless specified to.  This feature can be turned on or off.

2.  The firmware cannot be updated via a print job sent to the machine.

3.  Canon devices are upgraded in two secure ways, Physically at the device using: a.) proprietary utilities and firmware or b.) Remotely using Canon's secure CDS and UGW delivery system directly to the device.

4.  The Universal Send feature, when configured with a Canon device, is typically configured only to send emails never to receive emails, which prevents spam and unauthorized use.

5.  Furthermore, Canon's advanced line of copies have advanced security options that provide encryption, digital signatures and additional security layers to further protect the client's network and the Canon device itself.

SmartPrint Security

1.  Typically, most network printers are behind a companies' firewall and are unable to be accessed from outside the domain.

2.  The DCA as of today does not facilitate attacks of this nature on printers.  Today, we read data from the MIB which is the data storage component of the printer memory and not the memory segment that holds executable code.

3.  With the advanced security features Canon provides, along with current network policies and protocols, most Canon MFPs are securely behind network firewalls and are unable to receive firmware upgrades via print jobs.

4.  Firmware updates are securely performed by a certified service technician using proprietary Canon utilities.

If you have any further concerns, please contact us at 703.917.0100 or email info@ubti.com.