Hacker hijacks 150,000 vulnerable printers and makes them spew hacking awareness message
A hacker called Stackoverflowin managed to exploit a critical vulnerability in printers that led to the hacking of over 150,000 printers around the world over the weekend. The hacker who claimed the responsibility said that this hack was done in good faith, as he was trying to raise awareness about the pitiful state of printer security and warn users about the vulnerability of their devices.
“It was kind of an impulse. I had been looking into printers for a while prior to this, about a few months before. I saw multiple articles about printers, and it invoked my curiosity again, and yeah, it went from there,” the hacker told The Register.
One of the messages the hacker caused to print was:
stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin’s forehead utilising BTI’s (break the internet) complete infrastructure.
Another stated:
stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned, everyone likes a meme, fix your bullsh*t.
Yet another stated:
stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your printer is part of a flaming botnet.
The hacker printed a warning for the internet-connected users who were using their printing devices without any firewall protection. This is the main reason why almost any hacker can exploit them, said the hacker.
“People have done this in the past and sent racist flyers, etc. I’m not about that, I’m about helping people to fix their problem, but having a bit of fun at the same time 😉 Everyone’s been cool about it and thanked me, to be honest,” claimed the hacker.
To prove his point, Stackoverflowin used an automated script written by him and targeted the printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. There were two different messages sent by the hacker; the first one showed ASCII art on a robot while the other showed ASCII art with a computer.
It was amusing as well as confusing for several users, who shared pictures of the alerts on the Twitter, Reddit and HP Forum, as many of them had no idea what to do. Even though the hack was done in good faith, printers manufacturing companies like HP, Samsung, Epson, Canon, Brother, Afico, Konica Minolta, Oki, etc. have been affected in the past few days. The hack serves as a warning to these printer manufacturers and presses the need to protect their devices through firewall protection.
It is suggested that the victims of the hack immediately close the port 9100 on their routers. Also, owners should add an admin password to their printers to keep it secure.
Just saw a stat on an infographic that said 64 percent of IT people assigned more risk to a PC than a printer, however printers are actually a bigger target and a way people are getting into the network and compromising IT infrastructure. The infographic is here. It’s a bitly /2koy1wz
This is SO shortsighted and wrong, as we see from this printer hack! As we see with this breach, printers are just mini computers! IT must take security seriously and start making a plan that includes printers. (Also, make more of an effort to shut down open ports, update firmware and buy new printers that have self-healing properties and features. And don’t forget network security! ) –Karen Bannan for IDG and HP