Someone Claiming to Sell Mass Printer Hacking Service
This may sound unbelievable…and scary as well- hackers being able to manipulate all internet-facing printers to print whatever they would want to print!
Less than a week ago tens of thousands of internet-connected printers at offices and homes around the world were hijacked and these printers delivered print-outs canvassing support for YouTuber PewDiePie. Now, someone comes up attempting to sell a mass printer hijacking service, as per which all internet-connected printers in the world could be made to spit out anything that a hacker wants them to print.
The Vice Motherboard website reports, “Accessing printers en masse can still be somewhat technical though, so what if there was an easier way, that anyone could use? Now, someone is advertising printer hijacking as a service. Although it’s not clear whether the advert is more of a troll tactic and not a totally legitimate offer, the news still signals just how exposed many printers around the world are.”
An advertisement that was blasted out to all internet-connected printers came with the caption- “Everyone will see your message”. Andrew Morris, CEO of cybersecurity firm GreyNoise came up with a tweet on December 2, which stated, “.@GreyNoiseIO just detected someone (specifically 194.36.173[.]50) spraying the entire Internet with print commands for this document advertising a world-wide printing service, similar to HackerGiraffe’s PewDiePie printer hack and Weev’s swastika printer hack.”
Andrew Morris had attached to his tweet a png of the raw PCL commands, which asks people to contact at a mail address “…to secure your spot in the most viral ad campaign in history”. The advertisement also says, “We have the ability to reach every single printer in the world! Reservations are limited.”
When Andrew Morris stated that the people behind the advert didn’t have a website and had only a mail server, another twitter account, claiming to be linked to the campaign, tweeted back, replying to Morris and some others- “We’re currently mostly trying to see if anyone’s interested, if people actually want to buy this we’ll build a web platform with support for more printing protocols.”
“The person in control of the operation’s email address told Motherboard that they’ve had lots of inquiries, but no sales just yet. They’re charging $250 for a single worldwide campaign, they added”, reads the Motherboard report.
So, do we see this as a hacking incident? Digital Trends, which reported the incident, comments, “Though not really considered a hack by traditional standards, the malicious-acting person likely is taking advantage of an open network port, 9100, which allows printers to receive data. The method requires the printer to be connected to the internet, and IP packets to be routed from the attacker to the printer device and backward.”
The Digital Trends report clarifies that the person behind the campaign leveraged this to try and get internet-connected printers to feed out the messages that he wanted to be spread out. This raises serious concerns; we need to think as to how many computers can in fact be impacted. Yet, if we go by what Motherboard has reported, the people behind the campaign have already got inquiries and they are set to charge $250 per campaign!
Cybercriminals have always been thinking about this concept, of hijacking internet-connected printers to deliver print-outs that they want to propagate. There have been instances when this has been tried out to an extent. Weev (Andrew Auernheimer) exploiting unsecured printers to print out racist flyers in 2016, a teen hacker hijacking about 150,000 internet-connected printers and getting them to print messages in February 2017 and the very recent PewDiePie episode stand testimony to the fact that hackers are indeed toying with this idea of seizing control of internet-facing printers and exploiting them to achieve their ends.
Though there are reasons to doubt the legitimacy of the services that the people behind the recent campaign claim to provide, this does raise very serious questions about the security of internet-connected printers and such other internet-faced devices.
Kevin Jones753 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.