Security Experts:

Connect with us

Hi, what are you looking for?


M&A Tracker

Thousands of Printers “Hacked” to Spew Anti-Semitic Flyers

Thousands Internet-connected printers around the world have been “hacked” and commanded to print anti-Semitic flyers.

Thousands Internet-connected printers around the world have been “hacked” and commanded to print anti-Semitic flyers.

Internet of Things (IoT) devices have been long said and proven to be vulnerable to various types of attacks, especially if they are not properly secured. Andrew “Weev” Auernheimer, a man prosecuted and convicted for snooping e-mails and authentication IDs of Apple iPad users from AT&T’s servers, has proven once again that printers are highly vulnerable to online attacks.

Auernheimer discovered that there are numerous printers around the world that can be accessed from the Internet without authentication, as they all had port 9100 exposed. To prove his point, he sent a PostScript file to the vulnerable printers, using a shell script to have the exposed machines printing the content of the file.

The file was an anti-Semitic flier pointing to a neo-Nazi website that started pouring out of thousands of printers, including those at universities, colleges, various other organizations, and even personal printers. 

Auernheimer explains in a blog post that he used the mass IP port scanner called Masscan, a tool available as open source, to find the vulnerable printers. He also notes that Shodan is also suitable for the task, but that it implies costs he wasn’t willing to cover.

The first reactions to Auernheimer’s experiment began to emerge five days ago, and have been surfacing online fast as the flyers were pouring out of the exposed printers. Overall, he claims that the experiment was a success.

What Auernheimer managed to reveal was the fact that tens or maybe hundreds of thousands of printers are accessible over the Internet and don’t require authentication. He also sent a clear message to administrators that they need to better secure the resources inside their networks to ensure the security of all machines connected to it.

In January, a researcher revealed that thousands of office printers, ones that have gigabytes of internal storage, are exposed on the Internet, and that HP printers, which are accessible over port 9100, provide malicious actors an anonymous FTP server. In September last year, the company announced the launch of enterprise-grade printers fitted with security features to prevent malicious attacks from breaching a company’s network.

Earlier this month, hackers managed to make off with $81 million from Bangladesh’s central bank because of a printer and software problem, although the printer was not the initial point of attack. Faulty printers prevented the bank from stopping a series of fraudulent transactions for four days, and the hackers were able to transfer millions electronically to accounts in the Philippines.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

M&A Tracker

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.