Hacker compromises 150,000 internet-connected printers, sends out warning messages

midian182

Not all hacks are malicious. Much like the attack on child porn-hosting Dark Web service FH2, some are carried out with good intentions. This appears to be the case with white-hat security enthusiast Stackoverflowin, who recently commandeered 150,000 printers left accessible via the internet.

Over the weekend, printers from large offices, homes, and even the tiny receipt printers in restaurants across the world suddenly started printing out various messages, including: “stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin’s forehead utilising BTI’s (break the Internet) complete infrastructure,” and “for the love of God, please close this port, skid [script kiddie].” They included some ASCII art of robots and a computer, along with Stackoverflowin’s email address and Twitter handle.

The hacker achieved this by writing and then running an automated script that searches for open printer ports and sends out print jobs to the vulnerable devices. Speaking to Bleeping Computer, Stackoverflowin said the script targets printers that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. The script also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers. "This allowed me to inject PostScript and invoke rogue jobs," he told the publication.

Stackoverflowin stressed that there was no botnet and he just wanted to help people secure their devices from potential future attacks. "People have done this in the past and sent racist flyers [an incident from March last year] etc. I'm not about that, I'm about helping people to fix their problem, but having a bit of fun at the same time ; ) Everyone's been cool about it and thanked me to be honest."

The attack followed a report by Jens Muller, Vladislav Mladenov and Juraj Somorovsky from the Ruhr University in Germany. It noted a number of vulnerabilities in printers from different manufacturers, including HP, Brother, Lexmark, Dell, Samsung, Konica, OKI, and Kyocera.
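
An added example, not part of the original article: a defender-side review of perimeter firewall records that reports which internal hosts accepted connections from outside on the three printing services named above (LPD on TCP 515, IPP on TCP 631, raw printing on TCP 9100). The log format, the internal address range and every sample record are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Printing services named in the article, keyed by their TCP ports.
PRINT_PORTS = {515: "LPD", 631: "IPP", 9100: "raw/9100"}

# Assumption: the site's internal range. Replace with your own networks.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample records, assumed format: time src dst dport action
SAMPLE_LOG = """\
2017-02-04T10:01:07Z 198.51.100.23 192.168.10.40 9100 ALLOW
2017-02-04T10:01:09Z 198.51.100.23 192.168.10.40 631 ALLOW
2017-02-04T10:02:15Z 192.168.10.77 192.168.10.40 9100 ALLOW
2017-02-04T10:03:30Z 203.0.113.9 192.168.10.41 515 DENY
2017-02-04T10:04:02Z 203.0.113.9 192.168.10.42 443 ALLOW
malformed line
2017-02-04T10:05:44Z 203.0.113.9 192.168.10.43 515 ALLOW
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def exposed_printers(log_text):
    """Map each internal host to the print services that accepted a
    connection from a source outside INTERNAL_NETS."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, dport, action = fields
        try:
            port = int(dport)
            outside_in = not is_internal(src) and is_internal(dst)
        except ValueError:
            continue  # unparsable port or address
        if action == "ALLOW" and port in PRINT_PORTS and outside_in:
            findings[dst].add(PRINT_PORTS[port])
    return {host: sorted(names) for host, names in findings.items()}

if __name__ == "__main__":
    for host, services in sorted(exposed_printers(SAMPLE_LOG).items()):
        print(f"{host}: reachable from outside on {', '.join(services)}")
```

Any host this reports is a candidate for a perimeter rule that blocks those ports from external sources.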


 
I would like to know what all 10 vulnerabilities are for the HP2015dn printers, we have maybe 3-4 of those lying around.
 
I remember back when Rogers (the major ISP in Canada) used the @home network... if you had a shared printer and used them, anyone else on the Rogers network could print to your printer... I remember sending print jobs saying "Please secure your printer before something worse comes out... call/email me if you need further instructions"

Glad to see there are still "good" hackers around :)
 
So, one out of how many possibilities?

I mean... this one guy made this one thing apparent to people. How many other vulnerabilities are there out there that people have kept secret? Either for a hacker's own malicious use or just from companies' negligence.
 
I seem to have my Brother printer flooding my internet with data; not one of these model numbers. What is the solution?
 
There's nothing amicable about this. As it turns out, some IT staff know there are problems with printer setups and have to keep them that way, at least for the time being. All this jerk did was knowingly hack into something because he assumed no one knew of the vulnerability and use up resources that aren't his to use. This is still black-hat.
 
I think most IT people know printers are a problem, but they don't think they are all that big of a problem, despite the fact that these attacks seem to pop up every six months or so. For example, I just saw a stat on an infographic that said 64 percent of IT people assigned more risk to a PC than a printer.

I'd assert that printers are actually a bigger target and a common way people are getting into the network and compromising IT infrastructure. The infographic is here. It's a bitly /2koy1wz

This is SO shortsighted! As we see with this breach, printers are just mini computers. IT must take security seriously and start making a plan that includes printers. (Also, shutting down open ports, updating firmware and buying new printers that have self-healing properties and features.) --Karen Bannan for IDG and HP
 
I hear you, but it still doesn't justify this individual's actions.
 
One of the biggest problems many of us face in IT is getting MORE SUPPORT FOR ACTION on securing systems and devices. While this hack may be undesirable to some, the fact that I can use this to Reinforce the need to secure these printers is of GREAT HELP TO ME. I am finding that a growing portion of the BOTs trying to access my public systems are Printers, Cameras, etc. Many articles point out that Security people are often struggling with leadership to get their acceptance of security measures. While this sort of thing may cause some of us discomfort because we have to explain why we could not lock something down, on the other hand it reminds and supports others. Nobody likes being called into a higher up's office and explaining a security hole. But, those same supervisors are in a good position to put pressure on vendors, etc. to help us remedy those holes. We live with an industry that will abandon us at times, until they are in the negative spotlight. I do not think it's fair to say the person was a Black Hat, but rather suggest you consider him a Grey Hat "at the worst". I think the benefits to the "whole" and the power behind a headline is worthy of positive consideration. Just something to consider...
 
While I do understand clearly how hard it can be to justify changes in budget, support, resources, policies and procedures from the purse-string holders, this is still clearly black hat. If I wanted an audit, I would request or contract for one. It's like saying, it's OK for a thief to break into my house and tell me where my security holes are. It's not this person's right or responsibility to make this call for me.

So, then comes the question, who are you realistically more likely to ask for a security review of your house...a thief or a security company?
 