Skip to main content

Someone is selling a mass-hacking service, leaving your printer exposed

Hackers normally try to take control or manipulate your computer, but your internet-connected printers are also at risk. That is all according to a report from Vice, which finds that someone had attempted to sell a mass printing service, which could cause your printer to spit out any given message on a hackers command.

Though not really considered a hack by traditional standards, the malicious-acting person likely is taking advantage of an open network port, 9100, which allows printers to receive data. The method requires the printer to be connected to the internet, and IP packets to be routed from the attacker to the printer device and backward.

Related Videos

Someone claiming to have access to “reach every printer in the world” leveraged this to try and get internet connected printers to feed out messages for the mass printing hacking service, which is seen below. It is a serious concern and raises questions about how many printers can be impacted, but Vice reports that there have been inquiries into the service. Prices were apparently as high as $250 to generate a printout worldwide.

.@GreyNoiseIO just detected someone (specifically 194.36.173[.]50) spraying the entire Internet with print commands for this document advertising a world-wide printing service, similar to HackerGiraffe's PewDiePie printer hack and Weev's swastika printer hack.

— Andrew Morris (@Andrew___Morris) December 2, 2018

A previous “hack” from December 1 which printed out messages urging people to subscribe to PewDiePie also leveraged this very method. The person behind that attack claimed they got the idea after browsing through Shodan, a search engine or internet-connected devices, where 800,000 printers were listed. They then used a printer exploitation tool, which opened up an endless limit of hacking. The attack only reached out to 50,000 of those printers of which 1,500 were in India. It is not clear which models were impacted, but Vice reports that many printers are not accessible from the public internet.

“PRET had the scariest of features. Ability to access files, damage the printer, access the internal network…things that could really cause damage. So I had to do this, to at least help organizations and people that can protect themselves,” explains the PewDiePie attacker on Twitter.

This would not be the first time that printing hacking has been in the news. In September, we wrote about how hackers can use old-school printers to invade your home network. That involves malicious use of the fax function on printers from the 1990s. In that scenario, hackers were able to establish a connection with the printer, implement an exploit script, send a malicious fax right to the printer and access or target other machines.

Editors' Recommendations

Hackers used 30,000 computers for record-breaking DDoS attack
An illustration of a grid of devices with one in red, infected device highlighted.

Hackers launched a record-breaking distributed denial of service (DDoS) attack over the weekend, employing a network of botnets to make requests from over 30,000 IP addresses.

While that isn't a big network of computers, the onslaught was able to exceed 71 million requests per second (rps), surpassing the previous record of 46 million rps set in June 2022 by 35%. This is what's known as a volumetric attack that consumes the target website's bandwidth by sending large amounts of data from multiple sources at once.

Read more
Experts fear ChatGPT will soon be used in devastating cyberattacks
The ChatGPT name next to an OpenAI logo on a black and white background.

ChatGPT has taken the world by storm in recent months, but just as it has amazed people with its technical capabilities, concerns have also been raised over its potential misuse. Now, it seems some IT leaders are worried it will soon be used in major cyberattacks, with the potential to cause devastation in the future.

In a survey of 1,500 IT and cybersecurity professionals conducted by BlackBerry, 51% of respondents believed that ChatGPT will be responsible for a successful cyberattack in the next 12 months. As much as 78% feel that attack will happen within two years, while a handful think it could happen within the next few months.

Read more
This huge password manager exploit may never get fixed
A large monitor displaying a security hacking breach warning.

It’s been a bad few months for password managers -- albeit mostly just for LastPass. But after the revelations that LastPass had suffered a major breach, attention is now turning to open-source manager KeePass.

Accusations have been flying that a new vulnerability allows hackers to surreptitiously steal a user’s entire password database in unencrypted plaintext. That’s an incredibly serious claim, but KeePass’s developers are disputing it.

Read more