Hacking a Printer with Ease
Thursday, March 31, 2016 @ 12:03 PM gHale
In another example showing how easy it could be to hack into an Internet of Things (IoT) device, a researcher was able to send out offensive literature over thousands of Internet-connected printers across the world.
With an attack surface as large as the Internet, it goes to show securing needs to be a part of the initial design of IoT devices.
Andrew “Weev” Auernheimer, a man prosecuted and convicted for snooping emails and authentication IDs of Apple iPad users from AT&T’s servers, showed printers are vulnerable to online attacks.
Auernheimer found there are numerous printers around the world that can end up accessed from the Internet without authentication, as they all had port 9100 exposed. Along those lines, he sent a PostScript file to the vulnerable printers, using a shell script to have the exposed machines printing the content of the file.
The file was an anti-Semitic flier pointing to a neo-Nazi website that started pouring out of thousands of printers, including those at universities, colleges, various other organizations, and even personal printers.
Auernheimer said he used Masscan, the mass IP port scanner. The tool is available as open source and could quickly find the vulnerable printers.
What Auernheimer showed was tens or maybe hundreds of thousands of printers are accessible over the Internet and don’t require authentication. He also sent a clear message to administrators that they need to better secure the resources inside their networks to ensure the security of all machines connected to it.