A Hacker Just Pwned Over 150,000 Printers Exposed Online

Last year an attacker forced thousands of unsecured printers to spew racist and anti-semitic messages. But this year's attack is even bigger. An anonymous reader writes: A grey-hat hacker going by the name of Stackoverflowin has pwned over 150,000 printers that have been left accessible online. For the past 24 hours, Stackoverflowin has been running an automated script that searches for open printer ports and sends a rogue print job to the target's device. The script targets IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.

The printed out message included recommendations for printer owners to secure their device. The hacker said that people who reached out were very nice and thanked him.
The printers apparently spew out an ASCII drawing of a robot, along with the words "stackoverflowin the hacker god has returned. your printer is part of a flaming botnet... For the love of God, please close this port." The messages sometimes also include a link to a Twitter feed named LMAOstack.

This keeps happening because mfgs won't fix it

[El+Cubano]

I've been giving some thought to this whole botnet epidemic. It occurs to be that there is a very straightforward solution:

Every manufacturer, software vendor, etc., should ship their hardware, software, device, etc., in a mode in which all remote/external access is completely disabled. Then the user would be required to at least take a positive action to enable the remote or network capability.

However, I am relatively certain this won't happen, for these reasons:

1. If people can't just &plug and play" their devices, then the manufacturer will end up having to bear a greater support burden (i.e., more people calling with problems like "I can't make my printer work on the WiFi")
2. If people have more problems many will complain, costing the manufacturer brand reputation
3. The way things currently stand it is cheaper for the manufacturer, and when things go wrong the customer bears the cost of cleaning up the mess
4. The vast majority of people either never have a problem or never realize that they have a problem (i.e., they are on a private network, a techie friend or family member does the setup and properly secures the device, etc.)

Given that manufacturers are in no rush to do anything that costs them more money (hardware margins are razor thin for just about every hardware company not named "Apple"), I really don't see this changing anytime soon, which is sad because this sort of mentality is making the Internet a worse place for everyone all around.

Giant Penis (attention grabber)

Funny story, third hand but from a source I 100% believe.

Walking back from a bar to his car in the downtown of a mid-size American city a friend of my friend notices open WiFi. *Score!* He connects to the network and gets a list of connected devices. He sees the usual stuff, but also something he'd never seen before. He does a quick search and finds out it's a commercial banner printer. It does 600dpi prints up to 30" wide off of rolls that can be 250' long. *SCORE!*

At this point WiFi is pretty new to most people, and security is barely on anyone's mind. He does a relatively nice thing - he finds a standard HP Laserjet and prints off a letter explaining that their WiFi is open, their 5-figure printer is exposed to the world, and it would be a really good idea to fix that. He even gives them a link to their AP's documentation showing how to set up password access.

As you might imagine, he was a pretty frequent visitor to the bar - so he watched and waited for a while. Seeing no change in their openness, he repeated the warning letter and made it pretty clear they should take the potential for damage seriously. He ended up traveling away for work reasons, and when he returned over two full weeks later he was eager to return to his local spot.

Of course there was still no change in the open network, and the printer was still available. After some thought, he got pretty well inebriated, and knew exactly what to do. He downloaded the printer's driver software to his laptop, found a good high resolution picture and printed a 30' long veiny erect penis on their big buck banner printer. The next week, the WiFi was password protected at that location.