150,000 Printers and MFPs Said to Have Been Hacked
Just last week, researchers in Germany published a blog post listing various printer security vulnerabilities, while on February 4th, Bleeping Computer reported that a hacker that goes by the name of “Stackoverflowin'” says he’s hacked over 150,000 printers that have been left accessible online.
The hacker is said to have told Bleeping Computer, that he “wanted to raise everyone’s awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.”
The person is said to have been running an automated script that he wrote himself, which searches for open printer ports and sends a rogue print job to the target’s device.
Bleeping Computer states that: “From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small-town restaurants, all have been affected.”
Multiple printer and copier/MFP brands have also reportedly been affected, including the following: Ricoh, Brother International, Canon, Epson, Dell, HP, Lexmark International, Konica Minolta, OKI Data, and Samsung.
Messages such as the following are said to have printed by the hijacked printers:
stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin's forehead utilising BTI's (break the internet) complex infrastructure. [ASCII ART HERE] For the love of God, please close this port, skid. ------- Questions? Twitter: https://twitter.com/lmaostack -------
Other messages included ASCII art depicting a computer and a nearby printer, as depicted below.
Stackoverflowin told Bleeping Computer that his script targets printers and MFPs that various ports left open to external connections. These include IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100.
The script is also said to include a hack that uses a remote-code execution vulnerability to target Dell printers. “This allowed me to inject PostScript and invoke rogue jobs,” Stackoverflowin told Bleeping Computer about the hack.
Interestingly, the hacker, who has done security work, has said that his intentions are all good,” stating to Bleeping Computer: “Obviously there’s no botnet. People have done this in the past and sent racist flyers etc.. I’m not about that, I’m about helping people to fix their problem, but having a bit of fun at the same time ; ) Everyone’s been cool about it and thanked me to be honest.”
In March 2016, a hacker hijacked thousands of printers and forced them to print anti-Semitic messages.
This YouTube video on further explains the problem and how to correct it.
- February 2017: Researchers Say Popular Printers Subject to Hacking, Captured Print Jobs, Physical Printer Damage
- January 2017: HP: Battle Hackers with these Printer Security Solutions
- December 2016: HP Redesigns MPS to Protect Networked Copier/MFPs, Printers Now Pre-Configured for Security
- October 2016: Two Security Vulnerabilities Found in Lexmark MarkVision Enterprise Fleet-Management Application
- September 2016: A Closer Look at HP’s New LaserJet and PageWide MFPs Said to Feature Better Reliability, Monitoring, Security, and More
- May 2016: New Samsung Server-Less Business Core 2.0 Apps for Document Workflows, Print Tracking and Security
- September 2015: This Week in Imaging: Printer and MFP/Copier Security Isn’t Just for Large Enterprises
- September 2015: The Internet of Things – Including Printers – Poses Significiant Security Risks, Warns FBI
- June 2015: HP Enhances Printer-Security Solutions, Adds New Proactive Print Advisor Service
- April 2015: New HP Suite of Security Solutions Includes Threat Detection, User Profiling, Cloud Protection
- September 2014: HP Locks Down Printers with New Security Features, Advisory Services, ArcSight Printer Integration, Cloud Pull Print, More