SoylentNews is people
SoylentNews
from the think-of-all-the-wasted-paper dept.
A grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online.
Speaking to Bleeping Computer, the hacker says he wanted to raise everyone's awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.
For the past 24 hours, Stackoverflowin has been running an automated script that he wrote himself, which searches for open printer ports and sends a rogue print job to the target's device.
From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected.
Users reported multiple printer models as affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.
Stackoverflowin told Bleeping Computer that his script targets printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections.
The script also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers. "This allowed me to inject PostScript and invoke rouge[sic] jobs," Stackoverflowin told Bleeping about the RCE vulnerability's role.
(Score: 4, Insightful) by bob_super on Monday February 06 2017, @06:27PM
Oh oh, I know why! Pick me, pick me!
That's because the printer asks for an SSID and optionally a password, after which it open whatever ports its designers thought would be cool for all kinds of "cloud" features hardly any end-user will use, plus any ports required to phone home usage patterns and whatever else the designers though would be marketable information.
And less than 5% of the population would know how to stop that. And I'd be surprised if 50% of those who know bothered to do anything about it.
I just turn the thing off (switch on extension cord: no vampiric current drain) unless I'm actively printing. You have less than 5 minutes to "pwn" it, good luck using it for a botnet.
(Score: 2) by Grishnakh on Monday February 06 2017, @07:48PM
Printers cannot "open ports" on a NAT router all by themselves. They can make outbound connections, through which the system on the other end could then communicate back, but we're not talking about HP, Brother, Canon, etc. having "pwned" servers here, we're talking about someone connecting directly to printers from the internet. That is not possible with a consumer NAT router unless you have specifically set it up to do that. The printer can't do it on its own.
(Score: 1, Funny) by Anonymous Coward on Monday February 06 2017, @08:34PM
I had a Samsung color laser that gladly opened ports using UPnP. Being at University at the time, my neighbors quickly (less than an hour of plugging it in) printed a page to let me know I was an idiot for leaving it exposed and then used the remote interface to turn it off. Suffice to say, one of the first things I do with a router anymore is make sure UPnP is turned off.
(Score: 2) by jmorris on Monday February 06 2017, @08:40PM
You haven't heard of UPnP in $current_year? Yup, we hide everything behind NAT because we know it is all a roach motel, then we invented UPnP to expose it automagically. Genius!
(Score: 2) by Grishnakh on Monday February 06 2017, @09:21PM
Sure enough, you're right [wikipedia.org].
Holy crap, what moron thought this would be a good idea??
The other stuff in uPnP makes some sense when confined to an internal network, because DHCP and all makes it a bit of a pain to configure your devices to see each other. But there's absolutely no reason devices should be allowed to make themselves visible to the outside, except maybe for idiots who want to run peer-to-peer software and don't want to figure out how to do port forwarding themselves, but that's no reason to enable them.
I wonder if there's a list of printers and other such devices (devices that have no business having forwarded ports) that use this "feature" of uPnP.
(Score: 2) by Scruffy Beard 2 on Monday February 06 2017, @09:34PM
UPnP is part of a DRM stack called DLNA [dlna.org].
No user is going to configure their router to let the manufacturer pwn their machine.
(Score: 0) by Anonymous Coward on Monday February 06 2017, @10:27PM
...we hide everything behind NAT...
With IPv6 we don't need to!
(Score: 2) by jmorris on Tuesday February 07 2017, @12:41AM
Sure we do. We don't hide everything behind a NAT because of IPv4 address exhaustion. Well not ONLY because of that, we hide behind NAT because we all know 95% of the hosts currently connected to the Internet wouldn't survive an hour directly connected. IPv6 makes this situation worse because:
1. Nobody seems to understand IPv6. Mostly because they don't care about IPv6 since NAT and http losing the one IP per virtual hostname requirement solved 99% of the problems it was intended to fix and Carrier Grade NAT solved the rest except for people who want to run a server at home and the ISPs don't want that anyway. A few mobile carriers do more than pay lip service to IPv6 but outside the 3rd world where IP exhaustion is dire, it is a dead end technology.
2. Ignorance breeds exploits. IPv6 is usually poorly configured, not consciously firewalled and yet enabled by default on a LOT of things.
3. IPv6 is not always NATted. Meaning an IPv6 enabled device connected to an IPv6 router plugged into an IPv6 enabled ISP is a menace. See above.
4. IPv6 has not had nearly the field testing and hardening as IPv4. This applies to the kernel layers AND the applications which can connect and be connected to over IPv6. This makes for a very large attack surface that has yet to see a lot of attention.
(Score: 1, Interesting) by Anonymous Coward on Tuesday February 07 2017, @02:54PM
We don't hide everything behind a NAT because of IPv4 address exhaustion.
Yes we do.
A stateless firewall requires less resources than a NAT router, and can thus be manufactured cheaper. A stateful firewall requires approximately the same resources as a NAT router and would cost the same to manufacture.
The reason you can't buy consumer versions of either is that the IP address shortage makes it necessary to buy NAT routers instead.
(Score: 2) by nobu_the_bard on Monday February 06 2017, @09:22PM
One of my former clients, they were only clients for VoIP phone service. They owned several entire C-class network subnets on the public internet (at the time, anyway)... they put entire internal networks to be routable on the public internet and relied on each device's own firewall to protect it from the internet. Most of their guys had learned their stuff loooong ago and adamantly refused to change their policies. I think part of it, was they wanted to keep ownership of their network subnets, and were worried it'd be a "use it or lose it" sort of situation.
They became former clients because they put their VoIP phones out there and they kept getting hacked... I know a few printers were on those subnets too...
(Score: 2) by Grishnakh on Monday February 06 2017, @09:30PM
Why would they be "former clients"? If your job is to fix things when they get hacked, this sounds like an ideal customer: one too stupid to fix the root problem and willing to hire you over and over to fix the damage. It's like a car driver who... sorry, I tried really hard to come up with a good car analogy but I just couldn't think of something equivalent to that level of stupidity. Anyway, it's a gold mine; why would you abandon it? "A fool and his money are soon parted."
(Score: 2) by mcgrew on Monday February 06 2017, @09:09PM
My printer's setup, a Canon imageCLASS, only had you press the button on the router, which shuts off the firewall for thirty seconds. I've forgotten what it said if there's no button, bought it last fall.
But yes, it's only on when I'm printing. No sense wasting electricity.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 0) by Anonymous Coward on Monday February 06 2017, @09:27PM
Do printers normally just open ports up? How does this work with NAT? Are people configuring their printers with admin rights to their firewall/router devices?
I am not really sure how this is working, unless they run the install CD and just let the wizard do everything.
I had to type in my initial settings into the front panel, and then later update them from an internal web server on the printer... I guess DHCP would have worked, but the disk only had drivers and firmware and advertisements for printer add-ons and toner...
I remember HP printers updating their own firmware, but that was via a wget or ftp process, not opening ports on a firewall. Someone has to give the printer the power to do this to their network hardware, or run software that does it for them. I wouldn't have thought standards between consumer devices were so similar that a printer setup wizard could do this across a swath of consumer devices. I guess then that the difference is in the packaging and they all suck the same way, but the the cosmetics differ and what you pay for based on its looks differ?
(Score: 2) by EvilSS on Monday February 06 2017, @09:31PM