A serious vulnerability in printing devices has led to the compromise of 150,000 printers, not in a single place or city but worldwide. The vulnerability was exploited by an attacker named Stackoverflowin, who is responsible for compromising thousands of printing devices globally.
The hacker used an automated script that he wrote himself. It searched for devices with IPP (Internet Printing Protocol), port 9100, and LPD (Line Printer Daemon) open, then sent rogue print commands to the targeted printers. Some of the printed notices warn the consumer that their printer has been “part of a flaming botnet” and is now “pwned”.
According to the hacker, two versions of the warning were apparently sent out to more than 150,000 printers. The hacker commanded the printers to print a document informing targets of the attack, with ASCII art spread all over, among other things. An excerpt of the message is shown below:
— Kenshin el Manco (@d_kenshin) February 4, 2017
The targets of the attack took to Reddit and Twitter to share photos of the hacker’s message. Victims also asked about it on HP’s help forum and on an array of other websites. The attack targeted a huge number of office printers, as well as receipt printers, around the world.
@lmaostack The error indicates your printer has been hacked. What's the model name of the printer? Let me know 🙂 Thanks! ^Asmita
— HP Support (@HPSupport) February 4, 2017
The warning sent by the hacker also asks consumers to “close this port, skid”. Consumers were left confused and amused, and a number of victims went online asking for a solution.
— Faith Kennedy (@faithers99) February 4, 2017
— Summer Gale Fuss (@summer_fuss) February 4, 2017
In an interview with Bleeping Computer, the hacker stated:
People have done this in the past and sent racist flyers, etc. I’m not about that, I’m about helping people to fix their problem, but having a bit of fun at the same time 😉 Everyone’s been cool about it and thanked me, to be honest.
The hacker didn’t distinguish among brands of machines either: Epson, Canon, HP, Brother, Konica Minolta, and Samsung were among the hacked machines. Stackoverflowin states that this prank was done in good faith, and also informed the brands about the critical vulnerability.
The hacker has mostly received appreciation messages for his righteous operation. He said,
Everyone’s been cool about it and thanked me to be honest.
What is the moral of the story for careless printer users? Stackoverflowin puts it in iconic words: “Fix your bullshit.”
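For defenders, the exposure described above (IPP, port 9100 and LPD reachable from the internet) shows up in perimeter firewall logs as accepted inbound connections to printers. The following is an added example, not code from the article or from anyone named in it: the log layout, the internal address ranges, the sample lines and the function names are assumptions, and 631 and 515 are the standard IPP and LPD ports.

```python
import ipaddress
import re
from collections import defaultdict

# Printing services named in the article (631 = IPP, 515 = LPD by convention).
PRINT_PORTS = {631: "IPP", 9100: "raw port 9100", 515: "LPD"}
# Assumption: the site uses the RFC 1918 ranges internally.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed iptables-LOG-like key=value layout with an ACCEPT/DROP prefix.
LINE_RE = re.compile(r"\b(ACCEPT|DROP)\b.*?SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Feb  4 10:01:12 fw kernel: ACCEPT IN=eth0 SRC=198.51.100.23 DST=10.0.5.40 PROTO=TCP SPT=51544 DPT=9100
Feb  4 10:01:13 fw kernel: ACCEPT IN=eth1 SRC=10.0.2.15 DST=10.0.5.40 PROTO=TCP SPT=40210 DPT=9100
Feb  4 10:01:15 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.5.41 PROTO=TCP SPT=33870 DPT=631
Feb  4 10:01:19 fw kernel: ACCEPT IN=eth0 SRC=203.0.113.77 DST=10.0.5.42 PROTO=TCP SPT=60122 DPT=515
Feb  4 10:01:20 fw kernel: ACCEPT IN=eth0 SRC=198.51.100.23 DST=10.0.5.40 PROTO=TCP SPT=51560 DPT=443
Feb  4 10:01:25 fw kernel: ACCEPT IN=eth0 SRC=203.0.113.77 DST=10.0.5.40 PROTO=TCP SPT=60130 DPT=9100
"""

def is_internal(addr):
    """True if addr belongs to one of the assumed internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed_printers(log_text):
    """Map (printer, port) -> external sources whose connections were accepted."""
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connection record in the assumed layout
        action, src, dst, dport = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if action != "ACCEPT" or dport not in PRINT_PORTS:
            continue  # already blocked, or not a printing service
        try:
            if is_internal(src):
                continue  # internal print jobs are expected traffic
        except ValueError:
            continue  # malformed source address
        exposed[(dst, dport)].add(src)
    return dict(exposed)

if __name__ == "__main__":
    for (dst, port), sources in sorted(find_exposed_printers(SAMPLE_LOG).items()):
        print(f"{dst} accepts {PRINT_PORTS[port]} from outside: {sorted(sources)}")
```

Any printer this reports is reachable from outside on a printing port, and the fix is to block that port at the perimeter or restrict it to internal print servers.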