Printers are so insecure that some individuals hack them by the thousands to blare out their messages to an otherwise unreachable audience. The most recent example involves a hacker who used 50,000 printers worldwide to spread a flyer promoting a popular YouTube channel. He claims he could have sent the print job to 800,000.
The stunt was part of a collective effort from fans of Swedish comedian Felix Kjellberg, who is better known by his online moniker PewDiePie, to keep his YouTube spot as the channel with most subscribers. The contender to the title was T-Series, a media company in India whose number of followers got dangerously close to that of PewDiePie.
The individual behind the hack appears to be a 19-year old using the Twitter account @HackerGiraffe, who acted with no malicious intent. In fact, after printing the message asking people to subscribe to the PewDiePie channel and to raise awareness to their cause, the hacker let the owners of the printers know that the device was accessible from the internet so they could bolster security.
@HackerGiraffe’s act was far from complex, but it does require some technical knowledge, at least to understand how remote print jobs work. It entailed searching online for open printer ports and using a ready-made tool created for testing printer security.
“PRET had the scariest of features. Ability to access files, damage the printer, access the internal network…things that could really cause damage. So I had to do this, to at least help organizations and people that can protect themselves,” the hacker tweeted in a thread that explains their actions.
The hacker says the list of vulnerable devices had 800,000 entries, but selected only the first 50,000 for the attack. According to the hacker, only about 49,000 received and printed out the document, and the whole thing took about 15 minutes to set up.
The collective effort of PewDiePie’s fans seem to have won the battle for the most subscribed YouTube channel, as the account is ahead of T-Series by about 400,000 subscribers. The war is still on, though.
@HackerGiraffe’s actions inspired others who used the idea in an attempt to build a spam distribution business. Printeradvertising.com is described as a guerilla marketing service that can send advertisements to every printer in the world that is connected to the internet – a bold claim that cannot be proven. Until now, the service used vulnerable printers just to promote itself.
Regardless of the motivation behind these enterprises, the activity raises awareness of the fact that printers are often overlooked or downright ignored when it comes to securing connected devices on the network. It is up to manufacturers and users alike to change the balance and prevent unauthorised access.