Approximately 150,000 internet-connected printers have been hacked across the world by an anonymous hacker, whose intention was to warn users about the vulnerability of their devices.
Known only as ‘stackoverflowin’, the hacker caused printers to print out messages such as “Your printer is part of a flaming botnet, operating on BTI’s (break the internet) complex infrastructure” and “For the love of God, please close this port, skid” (see below).
The hacker achieved this by writing and running an automated script that searches for open printer ports and sends out print jobs to vulnerable devices. According to the hacker, vulnerable devices include those with IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. The script also uses a remote code execution vulnerability to target Dell Xeon printers.
Later, the hacker assured that there was no actual botnet and that the intention was to create awareness about device security.
The hack followed the release of work from Ruhr University researchers that showed vulnerabilities in internet-connected printers across the board, as well as their release of a ‘printer exploitation toolkit’, which enables users to attempt to hack their own printers to determine if they are vulnerable.