Security Flaw In Printers Could Expose Businesses To Hackers

Printer Security

First Posted: 11/30/11 03:50 PM ET Updated: 11/30/11 03:54 PM ET

Paper jams used to be the biggest danger that printers posed to businesses. But new research examines whether this relatively innocuous piece of office equipment could pose just as serious a security threat to a small business as an unprotected computer system.

Several lines of HP LaserJet printers contained security flaws within their existing firmware, "allowing a remote update" and making them vulnerable to attacks from hackers, says Columbia University computer science professor Salvatore Stolfo, who led the team of researchers. Their study was specific to the HP 2055, 4005 and 3800 models, which can be popular with small and mid-sized businesses; however, Stolfo points out that the security issues are not exclusive to HP, but that many different types of printers could have similar flaws. If hackers have already tried to exploit these flaws, Stolfo estimates millions of printers could be at risk. "You could have malicious firmware in these devices and you wouldn't know it," he told The Huffington Post.

The Columbia University researchers succeeded in hacking printers and even tried to send instructions to the printers that would overheat them and turn them into fire starters. Contrary to inferences of some earlier reports, that experiment did not succeed, as a thermal switch in the printer shut the machine down before a fire could start.

What the researchers were able to do is something Stolfo considers even more dangerous: By sending a remote update to the firmware, they infected a printer and then were able to send tax documents printed on it to a duplicate computer that then scanned the taxes for confidential information such as Social Security numbers. "That danger is worse" than a fire, Stolfo says, "because the printer can be turned into a malicious device."

HP responded with a release on Tuesday stating, "There has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential devices to catch fire due to a firmware change is false. HP LaserJet printers have a hardware element called a 'thermal breaker' that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability."

Keith Moore, HP's chief technologist, also disagrees that the threat of security breaches through printer hacking could already be widespread. Moore points out that the researchers didn't use passwords on the printers they tested and adds that no consumers have reported similar incidents. "There has been no data at all that any of this has been exploited. So we're looking at the theoretic possibility, in a lab, to see if that can ever occur in a real world situation."

Another safeguard Moore points out is that HP only uses signed firmware on its newer printers, which would make unauthorized firmware updates impossible. Though Stolfo says one of the printers the researchers tested was a 2010 model purchased from a store this September, Moore clarified that particular printer was introduced in 2008 but continues to ship. "It's a good model, and that goes to reliability and security and safety of the product," Moore says. "People like these printers.

"We've only had to issue a security bulletin six times since 1984, and only one of those was in the last year," Moore adds. "If we get notified [of a security claim], we isolate the problem, verify it, fix it and roll out a security bulletin. That didn't happen in this case, so we're now taking each claim and each statement in each item and trying to replicate everything. Anything is possible in a lab, but in a real world environment, a lot of things are really difficult to do."

Stolfo and Moore's teams are now working together on the issues. "We're still evaluating what they did and the scope of those things so we can understand that particular attack and what the vulnerability might be," Moore says. "We're working really hard together and if we find something, we will address this. We take security issues very seriously."

In that regard, Stolfo is optimistic that ultimately the research will result in more protection. HP, he reports, "is now studying this seriously and deeply and assessing the potential breadth of the problem and how best to mitigate this risk. Stay tuned -- I think [HP] is going to figure out the right solution and have an appropriate response."

Even if a problem and solution are found, Stolfo believes this may just be the beginning of a bigger issue for businesses, as the danger could spread beyond just printers to any type of single-purpose device, such as routers or teleconference tools. "Other manufacturers should look at their security architecture, too," he warns.

jrgordon47
Tolerance becomes a Crime when Applied to Evil
05:24 PM on 12/01/2011
So the long and the short of it is.....forgetaboutit!
11:15 AM on 12/01/2011
Who cares? What are they going to do, print 100 copies of crap for me..