A grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online.
Speaking to Bleeping Computer, the hacker says he wanted to raise everyone's awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.
For the past 24 hours, Stackoverflowin has been running an automated script that he wrote himself, which searches for open printer ports and sends a rogue print job to the target's device.
From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected.
Users reported multiple printer models as affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.
Stackoverflowin told Bleeping Computer that his script targets printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections.
The script also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers. "This allowed me to inject PostScript and invoke rouge[sic] jobs," Stackoverflowin told Bleeping about the RCE vulnerability's role.
(Score: 2) by jmorris on Tuesday February 07 2017, @12:41AM
Sure we do. We don't hide everything behind a NAT because of IPv4 address exhaustion. Well not ONLY because of that, we hide behind NAT because we all know 95% of the hosts currently connected to the Internet wouldn't survive an hour directly connected. IPv6 makes this situation worse because:
1. Nobody seems to understand IPv6. Mostly because they don't care about IPv6 since NAT and http losing the one IP per virtual hostname requirement solved 99% of the problems it was intended to fix and Carrier Grade NAT solved the rest except for people who want to run a server at home and the ISPs don't want that anyway. A few mobile carriers do more than pay lip service to IPv6 but outside the 3rd world where IP exhaustion is dire, it is a dead end technology.
2. Ignorance breeds exploits. IPv6 is usually poorly configured, not consciously firewalled and yet enabled by default on a LOT of things.
3. IPv6 is not always NATted. Meaning an IPv6 enabled device connected to an IPv6 router plugged into an IPv6 enabled ISP is a menace. See above.
4. IPv6 has not had nearly the field testing and hardening as IPv4. This applies to the kernel layers AND the applications which can connect and be connected to over IPv6. This makes for a very large attack surface that has yet to see a lot of attention.
(Score: 1, Interesting) by Anonymous Coward on Tuesday February 07 2017, @02:54PM
We don't hide everything behind a NAT because of IPv4 address exhaustion.
Yes we do.
A stateless firewall requires less resources than a NAT router, and can thus be manufactured cheaper. A stateful firewall requires approximately the same resources as a NAT router and would cost the same to manufacture.
The reason you can't buy consumer versions of either is that the IP address shortage makes it necessary to buy NAT routers instead.