New research reveals that millions of printers are vulnerable to rogue firmware updates.
One particularly vexing part of the fix: Printers that are already compromised by rogue software likely cannot be fixed. An attacker could easily shut down the pathway for future updates that would "cure" an infected printer.
"If and when HP rolls out a fix, if a printer is already compromised, the fix would be completely ineffective. Once you own the firmware, you own it forever. That's why this problem is so serious, and so different," Cui said. "This is nothing like fixing a virus on your PC."
This inability to help consumers manually secure their printers could ultimately have disastrous consequences, Stolfo said.
"It may ultimately lead to telling everyone they just have to throw their printers out and start over," he said. "Fixing this is going to require a very coordinated effort by the industry."
Bonus conspiracy theory: follow the money. What's the best way to sell millions of new printers in a bad economy?