Date: 2017-02-04
A Hacker Just Pwned Over 150,000 Printers Exposed Online (bleepingcomputer.com)
Last year an attacker forced thousands of unsecured printers to spew racist and anti-semitic messages. But this year's attack is even bigger. An anonymous reader writes: A grey-hat hacker going by the name of Stackoverflowin has pwned over 150,000 printers that have been left accessible online. For the past 24 hours, Stackoverflowin has been running an automated script that searches for open printer ports and sends a rogue print job to the target's device. The script targets IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.
The printed-out message included recommendations for printer owners to secure their devices. The hacker said that people who reached out were very nice and thanked him.
The printers apparently spew out an ASCII drawing of a robot, along with the words "stackoverflowin the hacker god has returned. your printer is part of a flaming botnet... For the love of God, please close this port." The messages sometimes also include a link to a Twitter feed named LMAOstack.
Oh, the humanity! (Score:2)
Of all the bad outcomes of a printer being hacked, that it "spews" racist printouts (everything racist, I guess, is spewed) until you switch off the printer or fix your security doesn't seem to be the worst thing?
Does your printer keep spewing pages that you find offensive until you make a Bitcoin payment to a racial supremacist group?
I hope the dipshit plants a few trees to compensate for the 390 reams printed.
Uh, wait (Score:2)
Are a bunch of printers on the Internet with public IPs (a thought that previously has never crossed my mind, as it's not even a criminal offense...we'd need to invent a new category for it)?
This keeps happening because mfgs won't fix it (Score:4, Insightful)
I've been giving some thought to this whole botnet epidemic. It occurs to me that there is a very straightforward solution:
Every manufacturer, software vendor, etc., should ship their hardware, software, device, etc., in a mode in which all remote/external access is completely disabled. Then the user would be required to at least take a positive action to enable the remote or network capability.
However, I am relatively certain this won't happen, for these reasons:
Given that manufacturers are in no rush to do anything that costs them more money (hardware margins are razor thin for just about every hardware company not named "Apple"), I really don't see this changing anytime soon, which is sad because this sort of mentality is making the Internet a worse place for everyone all around.
Botnet? (Score:2)
Having port 9100 open doesn't make my printer part of a botnet. It just allows me to print from anywhere. I often set the printer as the DMZ address on my network, because I'd rather have people sending crap at a printer than at my actual computers. This kind of crap is really annoying, not helpful. We COULD turn off external printer ports, but in some cases they are needed or desired. Wasting paper telling me the port is open? Stupid. Pressuring printer companies to implement a way to only allow authentic
Remember when fax machines printed immediately so that anyone in the world could waste a few sheets of your paper?
We didn't consider that a security issue either.
just tie up someone's phone with endless faxes! (Score:2)
On some models of printer, port 9100 can do a lot more than just accept data to be printed...
For instance, some Xerox printers let you upload firmware updates via port 9100, and vulnerabilities exist allowing remote code execution (see https://www.exploit-db.com/exp... [exploit-db.com])
Printers are fully capable computers, having processors far more powerful than even high-end servers from a few years ago. If someone gains the ability to execute arbitrary code on one, then they have a foothold on your network capable of laun
If you hack my printer (Score:2)
I'll throw it out because I don't use that thing anymore. I can't even imagine what I would need with hardcopies anymore.
Ah, printers, the grand-fathers of IoT insecurity (Score:3)