The attack was carried out by a hacker known as Stackoverflowin. He told Bleeping Computer that he wants to raise awareness of the dangers of leaving Internet-connected printers unprotected. To do this, he took his message directly to the owners.
Stackoverflowin used an automated script to scan the Internet for insecure devices. They can be identified by detecting open ports that are be used to remotely connect to the printer. With a list of the vulnerable products compiled, the hacker then sent a print job to them all. He transmitted a text file telling users to “for the love of God, please close this port.”
The first version of the message included an ASCII art picture of a robot. Later versions featured a computer and printer. It warned the printer is “part of a flaming botnet,” an allusion to the potential consequences of leaving devices unsecured.
Naturally, owners soon noticed the suspect print job waiting to be read. Printers from the world’s leading manufacturers, including Canon, Epson, HP, Konica Minolta and Samsung, were affected. Users took to a variety of social media platforms to ask for information on the origins of the message.
Stackoverflowin insists his intentions are good, aiming to highlight the major flaws in connected devices. Most people will never use their printer’s remote functionality, even though it’s commonly turned on from the factory.
A hacker with malicious intentions could scan the internet and then force a rogue software update onto unsecured devices. In turn, a giant botnet could be created, turning the printers into weapons for use in future attacks.
To hide the device online, the printer’s web server and remote functionality should be disabled. Alternatively, the default printing port, 9100, could be blocked from a router’s settings pages. Stackoverflowin’s message was intended to persuade users to disable the printer ports, preventing their device from being hijacked by other hackers.
READ MORE: ASTRONAUTS SET A RECORD FOR LONGEST FOOTBALL THROW ABOURD THE ISS
“Obviously there’s no botnet,” Stackoverflowin said to news site Bleeping Computer. “People have done this in the past and sent racist flyers etc. I’m not about that, I’m about helping people to fix their problem, but having a bit of fun at the same time 😉 Everyone’s been cool about it and thanked me to be honest.”
Stackoverflowin’s weekend hijacking comes shortly after an academic paper exposed critical vulnerabilities in many network-connected printers. The flaws were introduced into the firmware years ago but still have not been patched.
Successful attacks would allow the hacker to gain control of the printer and look at documents currently stored in its memory. This could be exploited to extract sensitive information, such as company details or financial transactions. Hundreds of thousands of devices could be affected.
