Devices are constantly connected to the Internet these days including your printers, music systems, TV sets, refrigerators, washing machines, surveillance cameras, and even dog feeders. Recently, the world’s biggest DDoS attack was orchestrated using millions of devices connected to the Internet. That DDoS attack was malicious and it brought almost the entire Internet down.
But the current incident of hacking where around 150,000 Internet-connected printers were hacked, was is for educational purposes. It was just to let people know how vulnerable their devices that are connected to the Internet are. White-hat security enthusiast Stackoverflowin, as reported by this link, hacked into 150,000 Internet-connected printers to print out various warning messages. One message said “stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin’s forehead utilising BTI’s (break the Internet) complete infrastructure.”
Another message read, “for the love of God, please close this port, skid [script kiddie].”
For extra embellishments the messages also included some ASCII art of robots and a computer. In case you wanted to contact the friendly hacker, he had also included his email ID and Twitter handle.
How did the hacker achieve that? How did he get control over 150,000 Internet-connected printers and printed out various messages remotely? He wrote and ran an automated script that searched for open printer ports and then sent print jobs to open and vulnerable printers. According to stackoverflowin his script can target printers that have IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports and port 9100 left open to external connections.
The primary purpose of hacking into people’s printers was to let them know how they printers could be taken over by malicious hackers to cause all sorts of mischief. After this, many organizations and individuals will take preventive measures to make sure that there Internet-connected printers are secure. Find more information about the incident on the above link.