SoylentNews is people
SoylentNews
from the think-of-all-the-wasted-paper dept.
A grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online.
Speaking to Bleeping Computer, the hacker says he wanted to raise everyone's awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.
For the past 24 hours, Stackoverflowin has been running an automated script that he wrote himself, which searches for open printer ports and sends a rogue print job to the target's device.
From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected.
Users reported multiple printer models as affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.
Stackoverflowin told Bleeping Computer that his script targets printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections.
The script also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers. "This allowed me to inject PostScript and invoke rouge[sic] jobs," Stackoverflowin told Bleeping about the RCE vulnerability's role.
(Score: 2) by ledow on Monday February 06 2017, @04:56PM
It's an indication of something far more nefarious.
Hundreds of thousands of people have installed a printer which has ports open to the Internet - through conscious port-forwarding or complete lack of firewall.
What else are they exposing, and if these are people who are forwarding, why was this allowed? How much other stuff is on those same IPs that allows a lot worse than printing off a piece of rude paper? Printers normally have everything from FTP to SMB to SMTP.
And those THOUSANDS of devices from all kinds of manufacturers - why are they sold in insecure default configurations that allowed this? Why is this stuff even turned on? Why is it not limited to local subnet by default? Why does it not have authentication of the most basic kind?
And we're putting lightbulbs on the Internet still, made by some of these same people.
Security should not be a bolt-on, when lax security is this prevalent in devices, manufacturers and their default configurations.
(Score: 1, Insightful) by Anonymous Coward on Monday February 06 2017, @05:09PM
why are they sold in insecure default configurations that allowed this?
Because it makes their gee-whiz iThingie cloudy-printy Chromy features "easy." That's why. "Easy."
It will continue to be that way until an alternative is easier.
(Score: 2) by ikanreed on Monday February 06 2017, @05:12PM
Yeah, I guess, but can we also report on the serious cringe flaw of a person using the word "pwned"?
It's indicative of something far more nefarious: an entire generation not realizing that their slang is completely out of date and kinda uncomfortable to read.
(Score: 2) by shipofgold on Monday February 06 2017, @05:46PM
OK, I'll bite...what's a better word?
For me, 'pwned' gave the right connotation of the incident.
(Score: 0) by Anonymous Coward on Monday February 06 2017, @10:42PM
p0wned.
(Score: 2) by art guerrilla on Monday February 06 2017, @11:26PM
after pwned would come pawned...
(Score: 2) by Thexalon on Monday February 06 2017, @05:12PM
Yeah, but security is so darned *inconvenient*, you know? Having to type in passwords, firewall configurations, how the heck do you expect a beleagured office assistant to pull it off? We want something they can just plug in and turn on, dammit!
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by Scruffy Beard 2 on Monday February 06 2017, @06:33PM
About half the tweets from the TFA featured print-outs in a fast-food restaurant environment.
At minimum wage, I am not sure you will care that the printer you are not allowed to mess with is pwned. I personally would probably report it to management.