Thousands of Printers “Hacked” to Spew Anti-Semitic Flyers

Thousands of Internet-connected printers around the world have been “hacked” and commanded to print anti-Semitic flyers.

Internet of Things (IoT) devices have long been said, and shown, to be vulnerable to various types of attacks, especially if they are not properly secured. Andrew “Weev” Auernheimer, a man prosecuted and convicted for snooping e-mails and authentication IDs of Apple iPad users from AT&T’s servers, has proven once again that printers are highly vulnerable to online attacks.

Auernheimer discovered that numerous printers around the world can be accessed from the Internet without authentication because they have port 9100 exposed. To prove his point, he used a shell script to send a PostScript file to the vulnerable printers, causing the exposed machines to print its contents.

The file was an anti-Semitic flyer pointing to a neo-Nazi website, and it started pouring out of thousands of printers, including those at universities, colleges, various other organizations, and even personal printers.

Auernheimer explains in a blog post that he used Masscan, an open-source mass IP port scanner, to find the vulnerable printers. He also notes that Shodan is suitable for the task, but that it implies costs he wasn’t willing to cover.

The first reactions to Auernheimer’s experiment began to emerge five days ago, and have surfaced online quickly as the flyers poured out of the exposed printers. Overall, he claims that the experiment was a success.

Auernheimer’s experiment revealed that tens or maybe hundreds of thousands of printers are accessible over the Internet and don’t require authentication. He also sent a clear message to administrators that they need to better secure the resources inside their networks to ensure the security of all machines connected to them.
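As an added example (not from the article or from Auernheimer’s blog post), the following Python shows how an administrator could check perimeter flow logs for the exposure described above: allowed connections to TCP port 9100 on internal printers from addresses outside the network. The log format, the sample records and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

RAW_PRINT_PORT = 9100  # the exposed port named in the article

# Constructed sample flow records (not real traffic). Assumed format:
# time src_ip src_port dst_ip dst_port proto action bytes
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z 10.1.4.22 51532 10.1.9.15 9100 tcp ALLOW 48211
2024-01-01T10:00:07Z 198.51.100.23 40112 10.1.9.15 9100 tcp ALLOW 15230
2024-01-01T10:00:09Z 203.0.113.77 40113 10.1.9.16 9100 tcp DENY 0
2024-01-01T10:00:12Z 198.51.100.23 40114 10.1.9.17 9100 tcp ALLOW 15230
2024-01-01T10:00:15Z 198.51.100.23 40115 10.1.9.15 443 tcp ALLOW 900
malformed line
"""


def external_raw_print_flows(log_text, internal_nets):
    """Return {printer_ip: [(src_ip, bytes), ...]} for allowed TCP/9100
    connections whose source lies outside every internal network."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip malformed records
        _, src, _, dst, dport, proto, action, nbytes = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            dport, nbytes = int(dport), int(nbytes)
        except ValueError:
            continue  # unparsable address or number
        if proto.lower() != "tcp" or dport != RAW_PRINT_PORT:
            continue
        if action != "ALLOW":
            continue  # already blocked at the perimeter
        internal_src = any(src_ip in n for n in nets)
        internal_dst = any(dst_ip in n for n in nets)
        if internal_dst and not internal_src:
            hits[str(dst_ip)].append((str(src_ip), nbytes))
    return dict(hits)


if __name__ == "__main__":
    found = external_raw_print_flows(SAMPLE_FLOWS, ["10.0.0.0/8"])
    for printer, flows in found.items():
        print(printer, flows)
```

Any printer that appears in the result is reachable on port 9100 from outside and should be placed behind a firewall rule or have raw printing restricted to internal hosts.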

In January, a researcher revealed that thousands of office printers, ones that have gigabytes of internal storage, are exposed on the Internet, and that HP printers, which are accessible over port 9100, provide malicious actors with an anonymous FTP server. In September last year, HP announced the launch of enterprise-grade printers fitted with security features to prevent malicious attacks from breaching a company’s network.

Earlier this month, hackers managed to make off with $81 million from Bangladesh’s central bank because of a printer and software problem, although the printer was not the initial point of attack. Faulty printers prevented the bank from stopping a series of fraudulent transactions for four days, and the hackers were able to transfer millions electronically to accounts in the Philippines.
