HP, Epson, Canon And Brother Printer Users Punked By ‘Flaming Botnet' - We Told You So

insert cheese
Just yesterday, we posted a story concerning printer security and how we should take it more seriously given IoT botnets that are swooping across the globe (namely Mirai), along with the sensitive data and documents these machines are custodians of. Today’s printers have relatively potent processors, complex operating systems and of course connect to the internet, to enable remote printing and firmware updates (among other things).

Unsurprisingly, though the timing is impeccable, a hacker by the name of Stackoverflowin’ just made the case for increased security with it comes to printers. Stackoverflowin’ revealed to Bleeping Computer that he has gone on a tirade for the past 24 hours via the use of an automated script. Using that script, he has been able to sniff for wide open printer ports, using the “open door” to send out print jobs.

Stack OverFlowin Hack Printout
One unfortunate reddit user's heads-up message from the hacker

Needless to say, it’s a bit alarming to hear your laser or inkjet printer churning away in the middle of night, only to walk over and find an admonishing note from none other than Stackoverflowin’ (as the following people did):

No major manufacturer has been spared from this seemingly (at first glance) harmless annoyance. Popular printer brands like Hewlett-Packard, Epson, Canon and Brother have all found themselves vulnerable to attack. This video on YouTube goes to great length to discuss how the exploit takes advantage of Printer Job Language (PJL) commands.

One video commenter, heyfrank, reports that shutting down this exploit is relatively simple:

In the long run, as long as you close port 9100 and put an admin password on the printer you should be good. It looks like he's making a socket connection through telnet into port 9100 through port scanning and then sending a PJL to the printer. We weren't sure of the extent of the hack until we started exploring the internet. He sure did not try to cover his track, not sure why the paste bin was even there.

As for Stackoverflowin’, he says that his hijinks were all in good fun. "Obviously there's no botnet. I'm about helping people to fix their problem, but having a bit of fun at the same time. Everyone's been cool about it and thanked me to be honest."

So, while this might not have been done for malicious gain, it still highlights a serious problem when it comes to printer security. The next attack might not be so harmless...