> method where an update is delivered as a print job
I wonder if this is a way to install custom firmware. Probably not. I would guess that the code that decodes the firmware from the print job probably passes it through the same signature check code as the regular firmware update process.
Still it's an interesting route for exploit exploration.
Generally a modern printer has a shitty embedded Linux install in it. There's more than likely an exploitable vulnerability in the network services; even more so if it serves a web admin interface.
The complexity is really in constructing the replacement firmware to drive the hardware correctly; developing that is probably easier if you dismantle the printer and find debug leads on the motherboard. Getting the common chips like networking going sounds doable, but for the actual printing there's lots of trade secrets around driving the actual printing hardware.
A more likely route: a Chinese factory should be able to make a smallish batch of cheap monochrome laser printers with good-enough print quality, publish badly-written but usable specs for it, and make it easy to replace the firmware.
I wonder if this is a way to install custom firmware. Probably not. I would guess that the code that decodes the firmware from the print job probably passes it through the same signature check code as the regular firmware update process.
Still it's an interesting route for exploit exploration.