
posted by cmn32480 on Monday February 06 2017, @04:21PM
from the think-of-all-the-wasted-paper dept.

A grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online.

Speaking to Bleeping Computer, the hacker says he wanted to raise everyone's awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.

For the past 24 hours, Stackoverflowin has been running an automated script that he wrote himself, which searches for open printer ports and sends a rogue print job to the target's device.

From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected.

Users reported multiple printer models as affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.

Stackoverflowin told Bleeping Computer that his script targets printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections.

The script also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers. "This allowed me to inject PostScript and invoke rouge[sic] jobs," Stackoverflowin told Bleeping about the RCE vulnerability's role.

Source:
https://www.bleepingcomputer.com/news/security/a-hacker-just-pwned-over-150-000-printers-left-exposed-online/


  • (Score: 2) by nobu_the_bard on Monday February 06 2017, @09:22PM


    One of my former clients, they were only clients for VoIP phone service. They owned several entire C-class network subnets on the public internet (at the time, anyway)... they put entire internal networks to be routable on the public internet and relied on each device's own firewall to protect it from the internet. Most of their guys had learned their stuff loooong ago and adamantly refused to change their policies. I think part of it was they wanted to keep ownership of their network subnets, and were worried it'd be a "use it or lose it" sort of situation.

    They became former clients because they put their VoIP phones out there and they kept getting hacked... I know a few printers were on those subnets too...

  • (Score: 2) by Grishnakh on Monday February 06 2017, @09:30PM


    Why would they be "former clients"? If your job is to fix things when they get hacked, this sounds like an ideal customer: one too stupid to fix the root problem and willing to hire you over and over to fix the damage. It's like a car driver who... sorry, I tried really hard to come up with a good car analogy but I just couldn't think of something equivalent to that level of stupidity. Anyway, it's a gold mine; why would you abandon it? "A fool and his money are soon parted."