printers flaw Hacker Hijacks 160K Printers, Warns of Open Ports

[WALLONN7]

This hijack was friendly, but the next one might not be

 

 

One hacker managed to hijack over 160,000 printers from across the Internet, making them print ASCII art in an effort to issue a serious warning.

“Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your printer is part of a flaming botnet. Your printer has been pwn’d,” reads the messages printed on the pages that printers across the world started spewing.

Stackoverflowing, the hacker boasting to have managed to hijack over 160,000 printers, says he targeted devices ranging from office printers to sales terminals.

“It was kind of an impulse. I had been looking into printers for a while prior to this, about a few months before. I saw multiple articles about printers, and it invoked my curiosity again, and yeah, it went from there,” the hacker told The Register.

The hijacker explains that they wrote a script scanning for insecure public-facing devices with open RAW, Internet Printing Protocol, and Line Printer Remote services, running on several network ports - 9100, 631 and 515. This, they said, isn’t something extremely difficult to do since there are hundreds of thousands of such devices with these ports wide open.

Then, the hacker also claimed to have exploited remote-code execution vulnerabilities in the web interface built into Internet-connected Xerox products, managing to take over even more printers.

The road so far

First, the hacker started testing the system, printing messages accusing people of wasting paper. This was more of a trial run since the code was crashing in around 50,000 devices. Then, the printouts turned into ASCII art - one portraying a computer, and another a robot.

Most people seemed to take the hack in stride, but that doesn’t mean this isn’t a serious issue. All these open printers can be exploited by hackers that are a lot meaner. The vulnerabilities can be used to build a massive botnet and take down lots of corners of the web.

Stackoverflowing says they stopped before things got messy because some messages indicated someone else was also doing their own printer hijacking, asking for Bitcoin ransoms.

 

Source