Hacker reveals more on printer attacks

Mar 8, 2017

After the recent hacking of 160,000 printers globally, the hacker reveals how he did it.

The Recycler reported the story in February, and noted that the hacker wanted to point out that printers were lacking in security, and the attack was not a “malicious” one but an exercise to show how easy it was to gain access to printers. Social media followed the activities of the hacker, and showed photos of the printouts from around the world.

Security Brief NZ reported that the hacker left the message: “Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your printer is part of a flaming botnet. Your printer has been pwn’d”. The message, left on around 160,000 printers, was sent by an 18-year-old student from the UK, who has a keen interest in cyber security and the lack of it on connected printers.

The student claimed that he “wrote a script from scratch” that allowed scanning for “insecure public-facing devices with open RAW, Internet Printing Protocol and Line Printer Remote services”, which were running on “network ports 9100, 631 and 515” – he then sent his message as a print job. The student was interviewed anonymously, and said that he “used zmap” to acquire IPs “with the targeted ports”, then used a “small loader that coded into C” to achieve the print job and “send the packet”.

By doing this he was “able to push his own firmware” to those he hacked, and he said that this is possible with most printers as the firmware “doesn’t need to be signed”. After people suspected that this was a malicious attack, the hacker stopped the prank and sent a message about cyber security, but the article noted that “if a high school student can cause this much havoc”, what could someone with malicious intent do?
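For network owners, the exposure described above shows up in perimeter firewall logs. The following is an added example, not code from the article or from the student: it assumes iptables-style LOG lines (the sample lines are constructed) and an RFC 1918 internal network, and it reports which printers received TCP connections from external addresses on ports 9100, 631 and 515.

```python
import ipaddress
import re
from collections import defaultdict

# Services named in the article: RAW (9100), IPP (631), LPR (515). All run over TCP.
PRINT_PORTS = {9100: "RAW", 631: "IPP", 515: "LPR"}

# Assumption: the internal network uses RFC 1918 space; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in abbreviated iptables LOG format.
SAMPLE_LOG = """\
Feb  4 10:01:12 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.10.20 LEN=60 PROTO=TCP SPT=40112 DPT=9100 SYN
Feb  4 10:01:13 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.10.20 LEN=60 PROTO=TCP SPT=40113 DPT=631 SYN
Feb  4 10:02:40 fw kernel: IN=eth1 OUT=eth1 SRC=192.168.10.55 DST=192.168.10.20 LEN=60 PROTO=TCP SPT=51000 DPT=9100 SYN
Feb  4 10:03:02 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.10.21 LEN=60 PROTO=TCP SPT=33000 DPT=515 SYN
Feb  4 10:03:05 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.10.30 LEN=60 PROTO=TCP SPT=33001 DPT=443 SYN
Feb  4 10:03:09 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.10.21 LEN=40 PROTO=UDP SPT=33002 DPT=631
"""


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def exposed_printers(log_text):
    """Map printer IP -> {service: set of external source IPs that reached it}."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
        if fields.get("PROTO") != "TCP" or not fields.get("DPT", "").isdigit():
            continue
        service = PRINT_PORTS.get(int(fields["DPT"]))
        if service is None:
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line: skip it
        if not is_internal(src):
            hits[str(dst)][service].add(str(src))
    return {dst: dict(services) for dst, services in hits.items()}


if __name__ == "__main__":
    for printer, services in sorted(exposed_printers(SAMPLE_LOG).items()):
        for service, sources in sorted(services.items()):
            print(f"{printer} {service} reachable from {sorted(sources)}")
```

Any printer that appears in the result is reachable from outside the network on a print service and is a candidate for a firewall rule or for moving behind a print server.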

The Recycler reported in June last year that researchers from Duo Security discovered that HP Inc, Dell, Acer, and Lenovo machines are all susceptible to hackers. Laptops bought off-the-shelf come with “bloatware or third party pre-installed software that users don’t really need”, and professionals in cybersecurity do not advocate purchasing them.

 
