Home Security Printers hacked to prove how insecure they are

Printers hacked to prove how insecure they are

Hundreds of thousands of printers were “pwnd” last week to show owners how insecure they are and that some can join botnets to assist in DDoS attacks.

The issue is that port 9100 is often left open to external Internet connections to allow firmware to be updated and Web printing. It is not known just how many printer makes and models are affected but a table at the end of this article lists 20 commercial printers that have been PRinter Exploitation Toolkit (PRET) tested.

Hacker Stackoverflowin told Bleeping Computer that his script targeted printing devices that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. That is just about every current printer.

The fully automated script (that means it can run forever) also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers. “This allowed me to inject PostScript and invoke rouge jobs,” Stackoverflowin said about the RCE vulnerability's role.

Stackoverflowin is a grey-hat hacker (a mix of good and bad – percentages subject to change without notice) and he just wanted to raise awareness about the dangers of leaving printers exposed online without a firewall or other security settings enabled.

Users reported multiple printer models as affected. The list includes brands such as Afico (Ricoh), Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung.

The research paper SoK: Exploiting network printers stated

  • Even though many proof-of-concept attacks and techniques are known for years, the according countermeasures have not been implemented, leaving the devices and systems vulnerable.
  • There is no research or document summarising all existing attacks. More important, there is no general methodology describing how a security evaluation on printers can be done.
  • Classification of the existing attacker models relevant for printers is missing.
  • There are no tools capable the security evaluation of printers.

In part, the printers are vulnerable as they are exposed to the internet but in part, it is because most use Postscript or PDL (page description language) interpreters that not only control fonts and graphics but the printers central processing unit.

HP has recently protected the BIOS and includes a self-healing function but even that will not prevent port 9100 attacks on networked (that is Ethernet wired or Wi-Fi printers). Printers connected directly via USB with printer sharing disabled are fine.

At present it is advised to close port 9100 for networked printers and change passwords.

Printer pwnd


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!