Thousands Internet-connected printers around the world have been “hacked” and commanded to print anti-Semitic flyers.
Internet of Things (IoT) devices have been long said and proven to be vulnerable to various types of attacks, especially if they are not properly secured. Andrew “Weev” Auernheimer, a man prosecuted and convicted for snooping e-mails and authentication IDs of Apple iPad users from AT&T’s servers, has proven once again that printers are highly vulnerable to online attacks.
Auernheimer discovered that there are numerous printers around the world that can be accessed from the Internet without authentication, as they all had port 9100 exposed. To prove his point, he sent a PostScript file to the vulnerable printers, using a shell script to have the exposed machines printing the content of the file.
The file was an anti-Semitic flier pointing to a neo-Nazi website that started pouring out of thousands of printers, including those at universities, colleges, various other organizations, and even personal printers.
Auernheimer explains in a blog post that he used the mass IP port scanner called Masscan, a tool available as open source, to find the vulnerable printers. He also notes that Shodan is also suitable for the task, but that it implies costs he wasn’t willing to cover.
The first reactions to Auernheimer’s experiment began to emerge five days ago, and have been surfacing online fast as the flyers were pouring out of the exposed printers. Overall, he claims that the experiment was a success.
What Auernheimer managed to reveal was the fact that tens or maybe hundreds of thousands of printers are accessible over the Internet and don’t require authentication. He also sent a clear message to administrators that they need to better secure the resources inside their networks to ensure the security of all machines connected to it.
In January, a researcher revealed that thousands of office printers, ones that have gigabytes of internal storage, are exposed on the Internet, and that HP printers, which are accessible over port 9100, provide malicious actors an anonymous FTP server. In September last year, the company announced the launch of enterprise-grade printers fitted with security features to prevent malicious attacks from breaching a company’s network.
Earlier this month, hackers managed to make off with $81 million from Bangladesh's central bank because of a printer and software problem, although the printer was not the initial point of attack. Faulty printers prevented the bank from stopping a series of fraudulent transactions for four days, and the hackers were able to transfer millions electronically to accounts in the Philippines.