Printer vulnerabilities via firmware update
Posted Dec 1, 2011 9:45 UTC (Thu) by james
Parent article: Printer vulnerabilities via firmware update
...manufacturers could just require some manual, user-present action (e.g. press the OK button) to do a firmware upgrade. Doing it that way may be painful for corporate IT departments that need to upgrade hundreds of printers at once,
but not nearly
as painful as the results when malicious firmware is sent to the printer and the user who just wants a print job presses "OK" without reading the printer's display (assuming it has one), which will happen more often than not.
I'd suggest doing it through a password-protected web interface instead -- nearly all the network-enabled printers I've seen have one of these anyway.
to post comments)