Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Monday February 06 2017, @04:21PM   Printer-friendly
from the think-of-all-the-wasted-paper dept.

A grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online.

Speaking to Bleeping Computer, the hacker says he wanted to raise everyone's awareness towards the dangers of leaving printers exposed online without a firewall or other security settings enabled.

For the past 24 hours, Stackoverflowin has been running an automated script that he wrote himself, which searches for open printer ports and sends a rogue print job to the target's device.

From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected.

Users reported multiple printer models as affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.

Stackoverflowin told Bleeping Computer that his script targets printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections.

The script also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers. "This allowed me to inject PostScript and invoke rouge[sic] jobs," Stackoverflowin told Bleeping about the RCE vulnerability's role.

Source:
https://www.bleepingcomputer.com/news/security/a-hacker-just-pwned-over-150-000-printers-left-exposed-online/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by jmorris on Tuesday February 07 2017, @12:41AM

    by jmorris (4844) on Tuesday February 07 2017, @12:41AM (#463818)

    Sure we do. We don't hide everything behind a NAT because of IPv4 address exhaustion. Well not ONLY because of that, we hide behind NAT because we all know 95% of the hosts currently connected to the Internet wouldn't survive an hour directly connected. IPv6 makes this situation worse because:

    1. Nobody seems to understand IPv6. Mostly because they don't care about IPv6 since NAT and http losing the one IP per virtual hostname requirement solved 99% of the problems it was intended to fix and Carrier Grade NAT solved the rest except for people who want to run a server at home and the ISPs don't want that anyway. A few mobile carriers do more than pay lip service to IPv6 but outside the 3rd world where IP exhaustion is dire, it is a dead end technology.

    2. Ignorance breeds exploits. IPv6 is usually poorly configured, not consciously firewalled and yet enabled by default on a LOT of things.

    3. IPv6 is not always NATted. Meaning an IPv6 enabled device connected to an IPv6 router plugged into an IPv6 enabled ISP is a menace. See above.

    4. IPv6 has not had nearly the field testing and hardening as IPv4. This applies to the kernel layers AND the applications which can connect and be connected to over IPv6. This makes for a very large attack surface that has yet to see a lot of attention.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 1, Interesting) by Anonymous Coward on Tuesday February 07 2017, @02:54PM

    by Anonymous Coward on Tuesday February 07 2017, @02:54PM (#464070)

    We don't hide everything behind a NAT because of IPv4 address exhaustion.

    Yes we do.

    A stateless firewall requires less resources than a NAT router, and can thus be manufactured cheaper. A stateful firewall requires approximately the same resources as a NAT router and would cost the same to manufacture.

    The reason you can't buy consumer versions of either is that the IP address shortage makes it necessary to buy NAT routers instead.