
Hacker Takes Over 150,000 Exposed Printers

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.


Mystery messages warn users to secure their network-connected printers

Network-connected printers around the world have been emitting mysterious messages over the weekend after a hacker claimed to have commandeered about 150,000 of the devices left accessible via the Internet.

Most of the messages – many of which were posted on social media by those affected – suggest the devices have been made part of a botnet, but the hacker in question said that isn’t the case, and that his intent was to warn users to secure their devices.


Printer invasion

Office printers, home devices and retail receipt printers are among those affected, according to messages on social media.

The stunt follows the publication of a German academic paper at the end of January that found a wide variety of security vulnerabilities in network-connected printers.

Beginning on Friday, an individual using the pseudonym Stackoverflowin began using an automated script to locate vulnerable devices and print warning messages.

A typical message read: “stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin’s forehead utilising BTI’s (break the Internet) complete infrastructure”, while another stated, “for the love of God, please close this port, skid”, referring to a “script kiddie”, or novice programmer.

The messages included email, web and Twitter contact details for Stackoverflowin, while some versions also printed ASCII-art images of robots or computers.

‘150,000 devices’ affected

Stackoverflowin said he had accessed the devices using network port 9100, which can be closed off by changing router settings.

Security experts also urged users to set an administrator password on their devices to make it more difficult for attackers to manipulate them.

The hacker said he had accessed about 150,000 printers manufactured by HP, Brother, Epson, Canon, Lexmark and Minolta, amongst others, and that his intent was to improve security.

“I’m about helping people to fix their problem, but having a bit of fun at the same time,” he told the Bleeping Computer IT news website on Saturday. “Everyone’s been cool about it and thanked me to be honest.”

Printer vulnerabilities

Security researchers Jens Muller, Vladislav Mladenov and Juraj Somorovsky of the Ruhr University in Germany found that all of the 20 printers they tested were vulnerable to “multiple” network-based attacks.

“From a security point of view, these machines are quite interesting since they are located in internal networks and have direct access to sensitive information like confidential reports, contracts or patient recipes,” they wrote in a summary of their findings.

In an academic research paper published last week they described locking printers into an endless loop that made them unusable, spying on print jobs, using them as an entry point to attack the systems to which they were linked, and other attacks.

The insecurity of network-based devices such as routers, CCTV cameras and set-top boxes is a growing threat, with large numbers being taken over by botnets that can be used to launch denial-of-service attacks or relay spam messages.
