Mischievous hackers could use a simple trick to send printers berserk

DMCA / Correction Notice
- Advertisement -


one in new paper, researchers highlight a selection of attacks that demonstrate the risks posed by wireless printer which has been incorrectly protected.

- Advertisement -

Written by security analysts Giampaolo Bella and Pietro Biondi, the report unpacks three attack vectors (collectively referred to as printjacks) that can be used to hijack many thousands. Printer With publicly accessible TCP port 9100, which facilitates network printing jobs.

One attack in particular, described as “paper denial-of-service (DoS)”, is used to trick printer owners into triggering jobs remotely until their paper and/or ink supplies run out. Can be used to troll. It is believed that this attack can be carried out using a simple Python script

Not-So-Funny Printer Attack

advertisement

Compared to other Internet-connected devices, measures have been taken to protect even the most modern devices Printer are extremely basic, the researchers say. And although paper DoS attacks are relatively harmless, there are more terrifying ways a hacker can abuse exposed machines.

- Advertisement -

For example, a threat actor may hijack a vulnerable printer for the purpose of launching a distributed denial-of-service (DDoS) attacks combining a known vulnerability with a widely available proof-of-concept exploit.

Beyond the fact that in this scenario the printer becomes part of a cybercriminal operation, the machine will also suffer performance degradation, consume more energy and degrade at a faster rate than usual.

The paper also demonstrates an attack in which a sensitive printer is used to intercept the contents of printed documents in plaintext form, which could have serious implications for any business handling classified data.

“There is a clear lesson beyond the technicalities of the attacks. Printers should be equally secure as other network devices such as laptop normally are,” wrote Bella and Biondi.

Simple measures include requiring authentication before someone is allowed to access the printer admin panel or launch a print job. Many problems can also be fixed by enabling IPSec-only printer connections.

The report concludes, “As appropriate technology is available to mitigate the risks of the PrintJack family of attacks, the biggest effort we face is training users to tolerate security and privacy measures through their routine print jobs. “

  • Check out our list of the best Black Friday printer deals

Through Bleeping Computer

- Advertisement -

Stay on top - Get the daily news in your inbox

Recent Articles

Related Stories