150,000 Printers and MFPs Said to Have Been Hacked

Just last week, researchers in Germany published a blog post listing various printer security vulnerabilities, while on February 4th, Bleeping Computer reported that a hacker who goes by the name of “Stackoverflowin” says he’s hacked over 150,000 printers that have been left accessible online.

The hacker is said to have told Bleeping Computer that he “wanted to raise everyone’s awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.”

The person is said to have been running an automated script that he wrote himself, which searches for open printer ports and sends a rogue print job to the target’s device.

Bleeping Computer states that: “From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small-town restaurants, all have been affected.”

Multiple printer and copier/MFP brands have also reportedly been affected, including the following: Ricoh, Brother International, Canon, Epson, Dell, HP, Lexmark International, Konica Minolta, OKI Data, and Samsung.

Messages such as the following are said to have been printed by the hijacked printers:

stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin's forehead utilising BTI's (break the internet) complex infrastructure.
[ASCII ART HERE]
For the love of God, please close this port, skid.
-------
Questions?
Twitter: https://twitter.com/lmaostack
-------

Other messages included ASCII art depicting a computer and a nearby printer, as depicted below.

Stackoverflowin’s message (via @ElSob09)

Stackoverflowin told Bleeping Computer that his script targets printers and MFPs that have various ports left open to external connections. These include IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100.
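For defenders, one way to check whether printers are reachable on the ports named above is to review firewall logs for allowed inbound connections from outside the network. The following is an added example, not from the original article or from Bleeping Computer; the log format, the addresses and the 10.0.0.0/8 internal range are constructed assumptions, and 631 and 515 are the standard port numbers for IPP and LPD.

```python
import ipaddress
from collections import defaultdict

# Services named in the article; 631 and 515 are the registered IPP and LPD ports.
PRINTER_PORTS = {631: "IPP", 515: "LPD", 9100: "raw port 9100"}
# Assumption: everything inside 10.0.0.0/8 is the site's own network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log: timestamp action proto src_ip:port dst_ip:port
SAMPLE_LOG = """\
2017-02-04T09:14:01Z ALLOW tcp 203.0.113.45:50112 10.20.0.31:9100
2017-02-04T09:14:02Z ALLOW tcp 203.0.113.45:50113 10.20.0.32:631
2017-02-04T09:14:03Z DENY tcp 203.0.113.45:50114 10.20.0.33:515
2017-02-04T09:15:10Z ALLOW tcp 10.20.0.8:49822 10.20.0.31:9100
2017-02-04T09:16:44Z ALLOW tcp 198.51.100.9:40001 10.20.0.31:9100
2017-02-04T09:17:00Z ALLOW tcp 198.51.100.9:40002 10.20.0.40:443
garbage line
"""

def is_internal(addr):
    """True if addr falls inside one of the site's own networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in INTERNAL_NETS)

def exposed_printers(log_text):
    """Map each internal host to {service: external sources} for ALLOWed inbound hits."""
    findings = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _, action, proto, src, dst = parts
        try:
            src_ip, _ = src.rsplit(":", 1)
            dst_ip, dst_port = dst.rsplit(":", 1)
            port = int(dst_port)
            inbound = (not is_internal(src_ip)) and is_internal(dst_ip)
        except ValueError:
            continue  # malformed address or port
        # A DENY means the firewall did its job; only ALLOWed traffic is exposure.
        if action == "ALLOW" and proto == "tcp" and inbound and port in PRINTER_PORTS:
            findings[dst_ip][PRINTER_PORTS[port]].add(src_ip)
    return {ip: dict(services) for ip, services in findings.items()}

if __name__ == "__main__":
    for host, services in sorted(exposed_printers(SAMPLE_LOG).items()):
        for service, sources in sorted(services.items()):
            print(f"{host} reachable on {service} from {sorted(sources)}")
```

Any host this reports is accepting print-service connections from outside the network and is a candidate for a firewall rule that blocks those ports at the perimeter.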

The script is also said to include a hack that uses a remote-code execution vulnerability to target Dell printers. “This allowed me to inject PostScript and invoke rogue jobs,” Stackoverflowin told Bleeping Computer about the hack.

Interestingly, the hacker, who has done security work, has said that his intentions are “all good,” stating to Bleeping Computer: “Obviously there’s no botnet. People have done this in the past and sent racist flyers etc.. I’m not about that, I’m about helping people to fix their problem, but having a bit of fun at the same time ; ) Everyone’s been cool about it and thanked me to be honest.”

In March 2016, a hacker hijacked thousands of printers and forced them to print anti-Semitic messages.

This YouTube video further explains the problem and how to correct it.
