A Hacker Just Pwned Over 150,000 Printers Exposed Online

Last year an attacker forced thousands of unsecured printers to spew racist and anti-semitic messages. But this year's attack is even bigger. An anonymous reader writes: A grey-hat hacker going by the name of Stackoverflowin has pwned over 150,000 printers that have been left accessible online. For the past 24 hours, Stackoverflowin has been running an automated script that searches for open printer ports and sends a rogue print job to the target's device. The script targets IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.

The printed out message included recommendations for printer owners to secure their device. The hacker said that people who reached out were very nice and thanked him.
The printers apparently spew out an ASCII drawing of a robot, along with the words "stackoverflowin the hacker god has returned. your printer is part of a flaming botnet... For the love of God, please close this port." The messages sometimes also include a link to a Twitter feed named LMAOstack.

This keeps happening because mfgs won't fix it

[El+Cubano]

I've been giving some thought to this whole botnet epidemic. It occurs to be that there is a very straightforward solution:

Every manufacturer, software vendor, etc., should ship their hardware, software, device, etc., in a mode in which all remote/external access is completely disabled. Then the user would be required to at least take a positive action to enable the remote or network capability.

However, I am relatively certain this won't happen, for these reasons:

1. If people can't just &plug and play" their devices, then the manufacturer will end up having to bear a greater support burden (i.e., more people calling with problems like "I can't make my printer work on the WiFi")
2. If people have more problems many will complain, costing the manufacturer brand reputation
3. The way things currently stand it is cheaper for the manufacturer, and when things go wrong the customer bears the cost of cleaning up the mess
4. The vast majority of people either never have a problem or never realize that they have a problem (i.e., they are on a private network, a techie friend or family member does the setup and properly secures the device, etc.)

Given that manufacturers are in no rush to do anything that costs them more money (hardware margins are razor thin for just about every hardware company not named "Apple"), I really don't see this changing anytime soon, which is sad because this sort of mentality is making the Internet a worse place for everyone all around.

Botnet?

[caution+live+frogs]

Having port 9100 open doesn't make my printer part of a botnet. It just allows me to print from anywhere. I often set the printer as the DMZ address on my network, because I'd rather have people sending crap at a printer than at my actual computers. This kind is crap is really annoying, not helpful. We COULD turn off external printer ports, but in some cases they are needed or desired. Wasting paper tellling me the port is open? Stupid. Pressuring printer companies to implement a way to only allow authenticated users to print to external ports? Knock yourself out.

(If your printer has the web configuration/admin page unsecured, or telnet config open - that's a different story.)