A grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online.
Speaking to Bleeping Computer, the hacker says he wanted to raise everyone's awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.
For the past 24 hours, Stackoverflowin has been running an automated script that he wrote himself, which searches for open printer ports and sends a rogue print job to the target's device.
From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected.
Users reported multiple printer models as affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.
Stackoverflowin told Bleeping Computer that his script targets printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections.
The script also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers. "This allowed me to inject PostScript and invoke rouge[sic] jobs," Stackoverflowin told Bleeping about the RCE vulnerability's role.
(Score: 2) by EvilSS on Monday February 06 2017, @09:15PM
With any off-the-shelf router, you should be able to plug your printer into it (or set up the WiFi on the printer to connect to it), and you should be able to print to it, while outsiders on the internet should not.
You can, and that is the default way they work. In the case of the article what is happening is the users have bypassed this and are hanging printers directly on the internet, either with public IP's, setting them as the DMZ host (which most consumer routers support), or port forwarding to them.
(Score: 2) by Grishnakh on Monday February 06 2017, @09:25PM
Why would someone intentionally port-forward to a printer, or put it in the DMZ? This isn't something an idiot, non-techie user would do; a typical consumer has absolutely no idea what DMZ is (outside of the reference to Korea), or what "port forwarding" is, or even what a "port" in TCP/UDP is. This requires more advanced knowledge.
The other poster's contention about uPnP sounds more likely, except with that I'd expect to see far more than a few hundred thousand vulnerable printers out there, because I think it's safe to assume that the vast majority of consumers would not know about this and would just plug things in, so if printers were all doing automatic uPnP port forwarding by default, we'd see many, many millions of such devices vulnerable.
(Score: 2) by EvilSS on Monday February 06 2017, @09:34PM
They found laser printers and mopiers when they were doing their scans. Those certainly do not use uPnP. Hell I used to do the same kind of port scanning for the same reason years ago, well before uPnP existed. Or, you know, I "theoretically" printed out scribbled out dongs. Theoretically.
(Score: 2) by fliptop on Monday February 06 2017, @09:39PM
Because it's easier than setting up a VPN? That is, if you don't really know what you're doing.
Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other.
(Score: 2) by EvilSS on Monday February 06 2017, @09:48PM