Remember meForgot password?
    Log in with Twitter

article imageHacker forces 150,000 printers to spew out robot pictures

By James Walker     Feb 6, 2017 in Technology
A hacker has hijacked over 150,000 Internet-connected printers that have been left unsecured. Over the weekend, the devices were forced to print out a warning message, advising owners to disable remote access to prevent the printers being used in botnets.
The attack was carried out by a hacker known as Stackoverflowin. He told Bleeping Computer that he wants to raise awareness of the dangers of leaving Internet-connected printers unprotected. To do this, he took his message directly to the owners.
Stackoverflowin used an automated script to scan the Internet for insecure devices. They can be identified by detecting open ports that are be used to remotely connect to the printer. With a list of the vulnerable products compiled, the hacker then sent a print job to them all. He transmitted a text file telling users to "for the love of God, please close this port."
The first version of the message included an ASCII art picture of a robot. Later versions featured a computer and printer. It warned the printer is "part of a flaming botnet," an allusion to the potential consequences of leaving devices unsecured.
Naturally, owners soon noticed the suspect print job waiting to be read. Printers from the world's leading manufacturers, including Canon, Epson, HP, Konica Minolta and Samsung, were affected. Users took to a variety of social media platforms to ask for information on the origins of the message.
One of the messages sent by Stackoverflowin [via Reddit]
One of the messages sent by Stackoverflowin [via Reddit]
seasle123 / Reddit
Stackoverflowin insists his intentions are good, aiming to highlight the major flaws in connected devices. Most people will never use their printer's remote functionality, even though it's commonly turned on from the factory.
A hacker with malicious intentions could scan the internet and then force a rogue software update onto unsecured devices. In turn, a giant botnet could be created, turning the printers into weapons for use in future attacks.
To hide the device online, the printer's web server and remote functionality should be disabled. Alternatively, the default printing port, 9100, could be blocked from a router's settings pages. Stackoverflowin's message was intended to persuade users to disable the printer ports, preventing their device from being hijacked by other hackers.
"Obviously there's no botnet," Stackoverflowin said to news site Bleeping Computer. "People have done this in the past and sent racist flyers etc. I'm not about that, I'm about helping people to fix their problem, but having a bit of fun at the same time ;) Everyone's been cool about it and thanked me to be honest."
Stackoverflowin's weekend hijacking comes shortly after an academic paper exposed critical vulnerabilities in many network-connected printers. The flaws were introduced into the firmware years ago but still have not been patched.
Successful attacks would allow the hacker to gain control of the printer and look at documents currently stored in its memory. This could be exploited to extract sensitive information, such as company details or financial transactions. Hundreds of thousands of devices could be affected.
More about Printers, internet of things, IoT, Devices, Cybersecurity
Latest News
Top News