Printers gone mad

December 5, 2018

One quiet evening, you suddenly hear a sound. It’s the printer in the next room, and it’s furiously printing something no one requested. You take a look and see that it’s printed a leaflet urging you to subscribe to a well-known YouTube channel.

A few hours later, the printer suddenly spits out an ad from a company promising to advertise goods through printers, and then starts incessantly printing all kinds of gobbledygook, mostly of extremely dubious content. What the hell is going on? Your printer’s been hacked, that’s what. And not only yours.

50,000 printers worldwide suddenly printed a leaflet in support of youtuber PewDiePie. How can you protect your printer from hackers?

Printers like PewDiePie

The above case is real, and quite recent: Last week 50,000 printers worldwide suddenly became fans of PewDiePie, the youtuber in question. One of them was even a receipt printer at a police station, which probably raised a few eyebrows.

Here’s how it happened: Somewhere, a hacker was bored — and a bored hacker means trouble. It seems he had just spent four hours playing Destiny 2 nonstop. If you’ve ever played this game, you can imagine his frame of mind. After Destiny 2-ing, he was itching to hack something, and with that in mind, he logged into Shodan, a service that allows you to search for Internet-connected devices, also known as the world’s first search engine for the Internet of Things.

The hacker decided that he would target printers and get them to print something funny (in his opinion), and so that’s what he did. According to the hacker (who told the whole story himself on Twitter, where his handle is @HackerGiraffe), he skimmed through the available information on printer protocols and the corresponding ports, and then looked for the ports on Shodan. There, he discovered more than 800,000 devices online with these ports open. He selected the first 50,000.

He decided it would be funny to print a leaflet in support of famous vlogger PewDiePie, whose YouTube channel is in a battle with another channel, T-Series, for the title of most popular in the world. The message urged recipients to subscribe to PewDiePie and unsubscribe from T-Series.

In the wilds of the Internet, the hacker found a program for hacking printers, wrote a simple script to run the hacking tool and send a command to the printers to print the leaflet, and then executed the script. As a result, 50,000 printers worldwide churned out the leaflet.

Partisan printer marketing

Such news could hardly be missed by the media — and soon millions of people around the world knew that hundreds of thousands of printers were hijackable.

They included some enterprising minds, who promptly set up an agency offering to print ads on other people’s printers — apparently using the same method employed by @HackerGiraffe, after he kindly tweeted how to do it.

To illustrate the service, information about the agency was disseminated through the same printers as before (the owners of which must have been delighted, especially the police station). The advertising brochures dropping into the printer trays boasted that the agency could hack absolutely any printer in the world. That’s probably a slight exaggeration: If they use the very technique described by @HackerGiraffe, they can reach only network printers.

A brief history of printer attacks

In fact, attacks on printers are nothing new, and it is somewhat surprising that the idea has only recently entered the mainstream. Back in the fax age, for example, fax spam was popular with all kinds of mischief-makers eager to distribute ads and other materials by fax. In 1991, a law was passed in the US to prohibit the practice, which also coincided with a general decline in faxes worldwide (although you won’t believe in which country they are still alive and kicking!).

Speaking of printers, in 2008 researcher Aaron Weaver published an article describing how a Web page can be created for launching print jobs on any visitors’ printers. There have also been cases of mass attacks on printers — for example, in 2016 a hacker hacked network printers at more than a dozen US colleges and printed racist leaflets on them.

How to prevent your printer from going postal

Most users probably don’t need their printer to be hooked up to the Internet. And only network printers can be hacked using the method described above, so it is better simply to disconnect your printer from the Internet, in which case it will still be accessible through the local network.

  • Disable any printer settings that involve printing over the Internet.
  • Change your username and password (if your printer uses login credentials); never keep the default values.
  • Close router ports 9100, 515, and 721–731. See your router’s user manual to find out how.
  • Turn off your printer when it’s not in use.
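
To confirm that the ports listed above are really closed, test them against your own router's public address from a machine outside your home or office network. The script below is an added example, not part of the original article; its function names are hypothetical, and the address is whatever you pass on the command line.

```python
import socket
import sys

# Ports the article says to close: 9100, 515 and 721-731.
PRINTER_PORTS = [9100, 515, *range(721, 732)]


def reachable_ports(host, ports=PRINTER_PORTS, timeout=2.0):
    """Return the ports on `host` that accept a TCP connection."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            # Refused, timed out (filtered) or unreachable: not exposed.
            continue
    return found


def verdict(host, exposed):
    """Build a one-line result for the report."""
    if exposed:
        ports = ", ".join(str(p) for p in exposed)
        return f"{host}: printer ports still reachable: {ports}"
    return f"{host}: none of the printer ports answered"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        # Pass your own router's public address; run from outside your LAN.
        sys.exit(f"usage: {sys.argv[0]} <your-public-address>")
    target = sys.argv[1]
    exposed = reachable_ports(target)
    print(verdict(target, exposed))
    sys.exit(1 if exposed else 0)
```

Run from inside the local network against the printer itself, the same check will still show the ports open, which is expected: the goal is only that they do not answer from the Internet.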