Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » We hijacked 28,000 unsecured printers to raise awareness of printer security issues

We hijacked 28,000 unsecured printers to raise awareness of printer security issues

by CyberNews Team
27 August 2020
in Security
11
We hijacked 28,000 unsecured printers to raise awareness of printer security issues
227
SHARES

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security

Most of us already know the importance of using antivirus, anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. Printers? Not so much. We at CyberNews wanted to show users the importance of protecting printers from becoming easy prey for cybercriminals, so we decided to bring the message home.

In order to help as many people as possible secure their devices against potential cyberattacks, the CyberNews security team accessed 27,944 printers around the world and forced the hijacked devices to print out a short 5-step guide on how to secure a printer, with a link to a more detailed version of the guide on our website.

We hijacked 28,000 unsecured printers
video screenshot

About this experiment

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. After filtering out most of the false positives, we were left with more than 800,000 printers that had network printing features enabled and were accessible over the internet.

While this does not mean that all 800,000 of these printers were necessarily vulnerable to cyberattacks, our estimates have shown that we could successfully target approximately 500,000 of these devices.

After selecting a sample of 50,000 open printers and creating a custom printing script, we managed to print out PDF documents on 27,944 unprotected devices.

How we did it

Before initiating the experiment, our first step was to gather the total number of available targets. To find out how many printers were on the menu for our experiment, we searched for IP addresses with open ports on specialized IoT search engines, such as Shodan and Censys. While performing the search, we made sure that the open devices we found were actual printers, as opposed to unrelated services that simply used those ports for other purposes.

Out of 800,000+ available printers, we selected a sample of 50,000 devices that we would try to access and force to print our guide on printer security.

Our selection was based on:

  • Device location (to cover the entire globe)
  • Device manufacturer
  • Protocols used to access the printers

We then created our own custom script that was specifically designed to only target the printing process, without gaining access to any other features or data stored on the printers.

blurred tool screenshot

As soon as we launched the script, it began hijacking the printing processes in unsecured devices and forced them to print out the printer security guide.

Printer security guide printed on hijacked devices

The results

In the end, we managed to hijack 27,944 printers out of the 50,000 devices that we targeted, which amounts to a 56% success rate. Taking this percentage into account, we can presume that out of 800,000 internet-connected printers across the world, at least 447,000 are unsecured.

These numbers speak volumes about the general lack of protection of networked devices worldwide.

Example of available open printers on a single IoT search engine (Shodan.io):

 blurred shodan screenshot

As we can see, many users and organizations still use internet-connected devices without thinking about security, installing firmware updates, or taking into account the implications of leaving their devices publicly accessible. Which means that the humble printer remains one of the weakest links in the security of both organizational and home networks.

While security experts have been aware of printer vulnerabilities for quite a while, even previous large-scale attacks on printers like the Stackoverflowin hack in 2017 and the PewDiePie hack performed by TheHackerGiraffe in 2018 did not seem to shock the public into securing their networked devices.

TheHackerGiraffe tweet screenshot

TheHackerGiraffe, author of the 2018 PewDiePie hack, noted to CyberNews that when he performed a scan to gather available targets for his hack two years ago, the numbers of open printers were almost exactly the same, clocking at around 800,000.

“One issue I highlighted was using the PRET tool on GitHub to abuse printers that parse PostScript in order to not only get a fully functioning shell on the printer, which means that you can upload backdoors and recruit the printers into botnets,” said TheHackerGiraffe. The hacker added that attackers could also access recently printed or scanned files that are stored on printers or even brick the devices by causing repeated writes to their onboard chip.

“I think printer security is severely underrated and should be taken more seriously, because most printers have web interfaces that can allow you access to internal data. Moreover, by using PRET you can also read the web page’s credentials using the bash shell.”

added TheHackerGiraffe

Even though securing each and every printer in the world might seem like a pipe dream, this does not mean that institutions and security experts should stop raising awareness about printer security and implementing stricter cybersecurity policies across organizations. Otherwise, the world might be just one massive cyberattack away from potential disaster.

Why printer security is important

While we were deliberately careful to only target the printing processes of the unsecured printers during the experiment, IoT hijacking attacks – when performed by bad actors without ethical limitations – can cause serious damage to organizations and individuals who neglect printer security.

From legal firms to banks to government departments, office printers are used by organizations of all types and sizes to print sensitive, confidential, and classified data. Not only that, these printers can also store copies of that data in their memory. Needless to say, attackers can easily exfiltrate this data by accessing unsecured office printers and use it for blackmail or corporate espionage, or simply sell it on the black markets of the dark web.

Bad actors can also take over unsecured printers and incorporate them into botnets in order to perform DDoS attacks, send spam, and more. What’s more, cybercriminals can use internet-connected printers to gain an initial foothold into the local or corporate networks and find more ways to cause more damage to the unsuspecting victims. Or they can simply use these printers to mine cryptocurrency, ramping up their victims’ electricity bills in the process.

Securing your printer

Our experiment has shown that printer security remains a serious concern for individuals and organizations across the world. With that said, most of the printers we managed to hijack could have been easily secured by following common security best practices and a few simple steps. 

To quote the security guide we printed on tens of thousands of unsecured printers, “here’s how”:

1. Secure your printing ports and limit your printer’s wireless connections to your router. Configure your network settings so that your printer only answers commands that come via specified ports on your network router. The standard protocol for secure printing on new printers is IPPS protocol via SSL port 443.

2. Use a firewall. This will protect unused protocols that can allow cybercriminals to remotely access your printer from outside the network.

3. Update your printer firmware to the latest version. Printer manufacturers regularly fix known vulnerabilities in the firmware for the devices they produce, so make sure your printer always stays up-to-date security-wise.

4. Change the default password. Most printers have default administrator usernames and passwords. Change it to a strong, unique password in the utility settings of your printer and make sure print functions require log on credentials. In case you decide to store your password, make sure you store it with a reliable password manager instead of a text file or somewhere else unsecured.

For more detailed information on printer security, read our guide on securing your printer against cyberattacks here.

Protect your data online with our hand-picked digital privacy tools

Antivirus software

  • Best antivirus software in 2021
  • Bitdefender antivirus review
  • TotalAV antivirus review
  • Malwarebytes review
  • ESET antivirus review

VPN

  • What is a VPN?
  • Best VPN services in 2021
  • NordVPN review
  • Surfshark VPN review
  • CyberGhost VPN review

Password managers

  • Are password managers safe?
  • Best password managers
  • 1Password review
  • NordPass review
  • LastPass review

Share226TweetShareShare
Comments 11
  1. Find Printer IP Address says:
    4 months ago

    Hi,
    Thanks for sharing this information with us. It is good and really useful. If you are facing issues during finding IP address of a Printer on Windows 10, then visit Find Printer IP Address to establish Printer Network Setup.

    Reply
  2. Stella says:
    4 months ago

    The experiment did a good job of showing how vulnerable your network endpoints can be if you are not taking all the steps to secure privacy.

    Reply
  3. Robert B Lafosse says:
    8 months ago

    If I walk down a street and try 100 doors and find 5 of them unlocked what does this mean? Am I doing people a service? What exactly is the point…

    Reply
  4. Frank Ting says:
    8 months ago

    You should go to jail for this. Hacking as a media stunt is still hacking.

    Reply
  5. Duckie says:
    8 months ago

    OMG! I was about to print my resume and leave for an interview but a manual that sounds like this came out and used the last of my few sheets of paper.
    No I didn’t get the job as they felt I wasn’t a prepared person.
    Do you by any chance have a legal attorney?

    Reply
  6. Joseph says:
    8 months ago

    Even if the front door of my home of open it doesn’t make it lawful for you to enter. It doesn’t matter if you explain that you did it to prove to me that I need to lock my doors. What you did is illegal and you posting this reinforces the flawed notion that it’s ok for people to hack devices so long as their intention is “good”.

    Reply
    • Annie says:
      4 months ago

      It’s ok to hack if your intension is good, AND you have permission to in writing, with terms clearly defined. It’s an actual job called pen testing.

      Reply
  7. Mike says:
    8 months ago

    So you effectively wasted collectively $220 worth of someone else’s paper (and toner) to write an article.

    Not impressed.

    Criminal and not ok.

    Reply
  8. n1bl3 says:
    8 months ago

    Lets hack 80000 phones and call it an experiment… and I will be gladly to post instructions how to secure a phone…. But wait! I’m considered a criminal then…

    Reply
  9. GltPoa says:
    8 months ago

    Re: “We then created our own custom script that was specifically designed to only target the printing process”

    What script? Where is it?

    Reply
    • syauqie says:
      8 months ago

      It’s definitely a secret

      Reply
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

500M LinkedIn user records sold on hacker forum
News

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

by CyberNews Team
6 April 2021
5

We updated our leak checker database with more than 780,000 email addresses associated with this leak...

Read more
LinkedIn, FB, Twitter, Clubhouse apps seen on an iPhone

Recent Facebook, LinkedIn and Clubhouse leaks explained

15 April 2021
Cheapest tool to kill satellites? A computer

Cheapest tool to kill satellites? A computer

13 April 2021
A gift to criminals and tyrants? Soon, wireless devices could become object sensors

A gift to criminals and tyrants? Soon, wireless devices could become object sensors

13 April 2021
“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

12 April 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best Web Hosting Services
  • Tools
    • Password Generator
    • Personal Data Leak Checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.
Subscribe For Security Tips And CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Our Privacy Policy and Terms & Conditions

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.