Hacker Hijacks Printers

Wednesday, February 8, 2017 @ 11:02 AM gHale


A hacker was able to cull over 160,000 printers from across the Internet, making them print ASCII art to make a point.

Stackoverflowing, an attacker that said he took over 160,000 printers, targeted devices ranging from office printers to sales terminals.

RELATED STORIES
Ukraine Attack: An Insider’s Perspective
Transformer Shooting Knocks Out Substation
Shamoon 2 Active in Middle East
SF Metro Victim of Ransomware

“Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your printer is part of a flaming botnet. Your printer has been pwn’d,” read the messages printed on the pages that printers across the world started spewing.

“It was kind of an impulse. I had been looking into printers for a while prior to this, about a few months before. I saw multiple articles about printers, and it invoked my curiosity again, and yeah, it went from there,” the hacker said in a published report in The Register.

Stackoverflowing said they wrote a script scanning for insecure public-facing devices with open RAW, Internet Printing Protocol, and Line Printer Remote services, running on several network ports — 9100, 631 and 515. This, they said, isn’t something extremely difficult to do since there are hundreds of thousands of such devices with these ports wide open.

Then, the attacker exploited remote-code execution vulnerabilities in the web interface built into Internet-connected Xerox products, managing to take over even more printers.

The attacker started testing the system, printing messages accusing people of wasting paper. This was more of a trial run since the code was crashing around 50,000 devices. Then, the printouts turned into ASCII art — one portraying a computer, and another a robot.

While the attack was relatively harmless, the idea these open printers can end up exploited for more serious threats is very possible. The vulnerabilities can end up used to build a massive botnet and take down lots of corners of the web.

Stackoverflowing said they stopped before things got messy because some messages indicated someone else was also doing their own printer hijacking, asking for Bitcoin ransoms.



Leave a Reply

You must be logged in to post a comment.