Your Printer has been Owned

[et_pb_section fb_built=”1″ _builder_version=”3.22″ custom_padding=”0px||0px|”][et_pb_row use_custom_gutter=”on” gutter_width=”1″ module_class=” et_pb_row_fullwidth” _builder_version=”3.25″ background_color=”#757575″ width=”100%” width_tablet=”100%” width_last_edited=”on|desktop” max_width=”100%” max_width_tablet=”100%” max_width_last_edited=”on|desktop” custom_padding=”0px||0px|” make_fullwidth=”on”][et_pb_column type=”4_4″ _builder_version=”3.25″ background_position=”top_left” custom_padding=”|||” custom_padding__hover=”|||”][et_pb_post_title featured_placement=”background” _builder_version=”3.2.2″ title_font=”|||||on|||” title_text_align=”center” title_text_color=”#e02b20″ title_font_size=”40″ meta_font=”|on|||” meta_text_color=”#ffffff” background_color=”rgba(0,0,0,0.7)” background_blend=”darken” text_orientation=”center” custom_padding=”100px||100px|”][/et_pb_post_title][et_pb_search exclude_pages=”off” show_button=”off” placeholder=”Website Search…” _builder_version=”3.23″ background_color=”#ffffff” max_width=”50%” module_alignment=”center” custom_margin=”20px||20px|” border_color_all=”#757575″ button_text_size__hover_enabled=”off” button_one_text_size__hover_enabled=”off” button_two_text_size__hover_enabled=”off” button_text_color__hover_enabled=”off” button_one_text_color__hover_enabled=”off” button_two_text_color__hover_enabled=”off” button_border_width__hover_enabled=”off” button_one_border_width__hover_enabled=”off” button_two_border_width__hover_enabled=”off” button_border_color__hover_enabled=”off” button_one_border_color__hover_enabled=”off” button_two_border_color__hover_enabled=”off” button_border_radius__hover_enabled=”off” button_one_border_radius__hover_enabled=”off” button_two_border_radius__hover_enabled=”off” button_letter_spacing__hover_enabled=”off” button_one_letter_spacing__hover_enabled=”off” button_two_letter_spacing__hover_enabled=”off” button_bg_color__hover_enabled=”off” button_one_bg_color__hover_enabled=”off” button_two_bg_color__hover_enabled=”off”][/et_pb_search][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ specialty=”on” background_position_1=”top_left” background_position_2=”top_left” background_repeat_1=”no-repeat” background_repeat_2=”no-repeat” _builder_version=”3.22″ background_color=”#f1f1ed” custom_padding=”0px||0px|”][et_pb_column type=”3_4″ specialty_columns=”3″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_row_inner admin_label=”Row” _builder_version=”3.25″][et_pb_column_inner saved_specialty_column_type=”3_4″ _builder_version=”3.25″ background_position=”top_left” custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.0.6″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” hover_enabled=”0″]

Printers across the globe have been attacked over the past few days.  The attacker, “stackoverflowin” claims that 150,000 printers were attacked by forcing them to print a variety of messages containing ASCII art and the attackers email and Twitter address. While most IT professionals typically do not secure printers and don’t see this as a “big deal”, let me tell you that the ASCII image was printed on a police department printer as a result of the attack.  Now this should start raising flags if they aren’t already. Still feel the same?

Let’s take a closer look…

In an interview with Bleeping Computer, the hacker stated that he is trying to raise security awareness.  This does seem to be the case as the only known results of the attack has been the printing of mischievous images and informing the victim to secure their printer.  One image even depicted a computer with “9100” printed on the front of it (the port used to gain access to the printers).  Port 9100 is the port that can be open to the internet if the printer were setup using the default settings.  It allows an attacker to gain access to a few concerning areas of the printer and it is pretty easy to secure, but generally overlooked.

The exploit used does seem to affect some major brands;

• HP
• Epson
• Brother
• Samsung
• Konica Minolta
• Afico
• Oki

According to the website Shodan (requires a free login), the United States has the most port 9100 vulnerabilities with just over 10,000 detected.

The seriousness of this vulnerability should be realized by all IT professionals. It is a commonly overlooked default setting of a new printer can lead to the following attacks via port 9100 discussed in more detail on the Hacking Printers Wiki;

• Denial of Service
  • Transmission channel
  • Document Processing
  • Physical Damage
• Privilege escalation
  • Factory defaults
  • Accounting bypass
  • Fax and Scanner
• Print job access
  • Print job retention
  • Print job manipulation
• Information disclosure
  • Memory access (access to previously printed documents & passwords)
  • File system access
  • Credential disclosure
• Code Execution
  • Buffer overflows
  • Firmware updates
  • Software packages

As you can see this mischievous hacker could have done a lot worse and, with the availability of open source tools, it can become much more wide spread and cause much more damage.

I would recommend immediately investigating the printers on your network and your network.  Check the manufactures website for their “best practices” on securing the device as the settings vary from manufacturer to manufacturer.  I would also check your firewall and router to determine if some of the ports in question are being allowed access to your network.  A good place to start would be ports 9100, 361, 515, 8080, 80 and 443.  If you are in a small business setting, contact your IT staff as some of your business may rely on these services and alternatives to protecting your printers need to be found.

[/et_pb_text][et_pb_divider color=”#999999″ divider_position=”center” disabled_on=”on|on|off” _builder_version=”3.2″ hide_on_mobile=”on”][/et_pb_divider][/et_pb_column_inner][/et_pb_row_inner][/et_pb_column][et_pb_column type=”1_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_sidebar orientation=”right” area=”sidebar-1″ show_border=”off” _builder_version=”3.2.2″ custom_padding=”20px|||”][/et_pb_sidebar][et_pb_signup mailchimp_list=”[email protected]|45aeb0e811″ success_message=”Thanks for Subscribing!” title=”Subscribe” _builder_version=”3.23″ header_text_color=”#757575″ header_font_size=”20″ use_background_color=”off” custom_button=”on” button_text_color=”#af1616″ button_border_color=”#bf1a1a” module_alignment=”right” border_color_all_fields=”#b71e19″ button_text_size__hover_enabled=”off” button_one_text_size__hover_enabled=”off” button_two_text_size__hover_enabled=”off” button_text_color__hover_enabled=”off” button_one_text_color__hover_enabled=”off” button_two_text_color__hover_enabled=”off” button_border_width__hover_enabled=”off” button_one_border_width__hover_enabled=”off” button_two_border_width__hover_enabled=”off” button_border_color__hover_enabled=”off” button_one_border_color__hover_enabled=”off” button_two_border_color__hover_enabled=”off” button_border_radius__hover_enabled=”off” button_one_border_radius__hover_enabled=”off” button_two_border_radius__hover_enabled=”off” button_letter_spacing__hover_enabled=”off” button_one_letter_spacing__hover_enabled=”off” button_two_letter_spacing__hover_enabled=”off” button_bg_color__hover_enabled=”off” button_one_bg_color__hover_enabled=”off” button_two_bg_color__hover_enabled=”off”][/et_pb_signup][/et_pb_column][/et_pb_section]