Firmware exploit could set some HP printers on fire

Security researchers discovered printers from HP and possibly other printer makers are vulnerable to firmware exploits. Affected printers connect to the Internet and use a "Remote Firmware Update" process to update the printer's software, but because the updates are unsigned they can come from anyone.

Hackers can use the exploit to steal personal information and perhaps even set offices on fire. Columbia University Professor Salvatore Stolfo showed the press how attackers can heat up a printer fuser. During the demonstration paper in the printer turned brown and began to smoke before the printer's temperator-sensor shut off the printer to prevent a fire. But not all printers have such a safeguard.

HP insists it adopted digital signing on all its new printers since 2009, but the researchers found unsigned printers still being sold at office retailers in September 2011.

The attack can occur remotely, if the printer is set up for "cloud printing" as HP is particularly fond of. Researchers scanned the internet and in minutes found 40,000 printers they could have potentially set the "catch fire" command & control package to.

But the true number of vulnerable machines could be much, much higher. Comments Professor Stolfo, "I think it is very wise to broadcast the problem as soon as possible so all of the printer manufacturers start looking at their security architectures more seriously. It is conceivable that all printers are vulnerable. �Printers that are 3-, 4-, 5-years-old and older, I'd think, all used unsigned software. The question is, 'How many of those printers are out there?' It could be much more than 100 million."

Or in the case of good old-fashioned local printers, an on-site attack using a virus laden document print-job can offer equivalent access. Once the printer has received orders, its firmware is updated deleting the standard operating system and installing a malicious variant.

Mikko Hypponen, head of research at Finnish security firm F-Secure, was astounded by the flaw. He comments, "First of all, how the hell doesn't HP have a signature or certificate indicating that new firmware is real firmware from HP? Printers have been a weak spot for many corporate networks. Many people don�t realize that a printer is just another computer on a network with exactly the same problems and, if compromised, the same impact."

More info about the exploit can be read at DailyTech. Security experts warn printer exploits are just the start of a whole new wave of attacks. An increasing number of digital electronics are becoming connected to the Internet, but unfortunately security is usually not a priority when designing these functionalities.

Firmware exploit could set some HP printers on fire - More news at DV Hardware

Unreal Engine 4 could launch in 2014

Neowin writes the next Unreal Engine may still be a couple of years away:

In a new interview at IGN, Epic Games' main programmer Tim Sweeney admits, "I spend about 60 percent of my time every day doing research work that's aimed at our next generation engine and the next generation of consoles." However he added, "This is technology that won't see the light of day until probably around 2014, but focusing on that horizon enables me to do some really cool things that just aren't practical today, but soon will be."

Sweeney said that for Unreal Engine 4, the biggest issue will be to optimize the engine to work on many more CPU cores than what's currently available today. He states, "... the big challenge will be redesigning our engine and our workload so that we scale more of these different computer tasks between CPU cores seamlessly in real-time and dynamically so that you're always getting the maximum computing power out with the engine, regardless of what sort of work you're doing." He adds that for the next 10 years he is looking to see games that have true movie quality graphics which in his opinion means, " ... no flicker in the visuals, no popping artifacts, no bulky character outlines on the screen at all."

Unreal Engine 4 could launch in 2014 - More news at DV Hardware