The game changes dramatically if that is NOT the worst they can do, if they can write the device firmware via the port(s) intended to be used for writing the paper. Firmware updates should access the printer through a different port, and the printer should as shipped have that port either firewalled for local subnet access only, or (much better) turned off. SOP would then be "Firmware Update Enable" -> "On" using the front panel, before running the firmware updater, which in turn should re-set the enable state to "Off" upon successfully installing the update. Paranoia should dictate re-setting to "Off" maybe 12 hours later, even if no firmware update was sent.
It's the problem of the missing hardware write-lock switch, for the umpteenth time.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds