- There’s still a large number of unprotected IoTs and, more specifically, internet-enabled printers.
- A team of researchers hijacked a sample of them to print out instructions on how to secure them.
- The potential consequences of leaving printers open to remote access are various.
Cybersecurity researchers at CyberNews decided to send a message to printer owners about the importance of securing their hardware, and what better way to do this than by hacking the devices? So, they fired up Shodan (IoT search engine), scanned the net, found 800,000 connected online, and decided to take a sample of 50,000 to use as targets. By using a custom printing script, they sent printing requests to this subset of devices.
The printing command was accepted by 27,944 devices, which printed out a “this printer has been hacked” message along with instructions on how to secure it.
Suppose one was to extrapolate this data, the assumption that the total number of unsecured printers with internet capabilities out there would be approximately 447,000. The researchers wrote a script that hijacked the printer only to print out something, but they could have done a lot more instead.
Accessing IoTs like printers means that a remote actor could exfiltrate the data of other printing requests concerning documents that contain confidential, sensitive, or classified information. Moreover, the actors could potentially plant botnets and use the IoTs as members of their DDoS swarms.
Some people may assume that the above threats are theoretical, but they really aren’t. We have repeatedly reported on each type of these potential exploitation scenarios, and as long as you keep your IoT unsecured, you are practically leaving it open to abuse. Even if the IoT isn’t deployed in a critical environment, someone can always plant a crypto-miner and have your electricity bills raised as a result.
The message that was printed out gives the following four steps of securing the printers:
1. Configure the network settings so that the printer only accepts commands that originate from specific ports. That would be setting the IPPS protocol via SSL port 443.
2. Set up a firewall that filters out suspicious incoming remote access requests.
3. Check for any firmware updates and install the latest available version.
4. Change the default password of your IoTs and use something strong and unique.
Back in December 2018, a hacker known as “TheHackerGiraffe” hijacked roughly a hundred thousand printers to urge people to subscribe to PewDiePie’s YouTube channel. Only a couple of months prior to that, the same person hacked into 50,000 printers. Back then, the number of online printers was again 800,000, and the percentage of those vulnerable was more or less the same as what we see today.
This means that despite the repeated warnings and the associated security advice, nothing has changed.