February 6, 2017
‘Stackoverflowin’ hacked HP Inc, Epson, Canon and Brother printers to show the vulnerability of their security, and the potential for hackers to steal sensitive documents and data, after reports last week that printers were susceptible.
Hothardware reported that this was not a malicious hacking but an exercise to show how easy it was for hackers to access a printer, and that everyone should take printer security more seriously. Last month The Recycler reported on the lack of printer security across the OEMs, with new research having discovered 61 percent of businesses have fallen foul of insecure printing data.
This is despite the fact that business operations are required to have data protection, for which print security is essential. Quocirca and Y Soft surveyed 200 organisations and received 1,000 replies, which showed that 48 percent were susceptible to “printer hard disk theft or retrieval”, and that 50 percent of print jobs were captured during the print queue or network.
The recent hacking by white-hat hacker ‘Stackoverflowin’ highlighted the need for increased security of printers, noted the article, after he sent out 150,000 print jobs in 24 hours. The page printed showed a robot with a message from the hacker, part of which read “your printer is a flaming botnet” and further on “your printer has been owned”.
A solution to the problem came from someone commenting online, who said “to shut down this exploit is relatively easy In the long run, as long as you close port 9100 and put an admin password on the printer you should be good. It looks like he’s making a socket connection through telnet into port 9100 through port scanning and then sending a PJL to the printer”.
Stackoverflowin said to Hothardware: “Obviously there’s no botnet. I’m about helping people to fix their problem, but having a bit of fun at the same time. Everyone’s been cool about it and thanked me to be honest.”
Categories : World Focus