You did Nazi this coming

Yet another reason why you do not want Everything In The Fricking World connected to the Internet:

The notorious hacker and troll Andrew Auernheimer, also known as “weev,” just proved that the Internet of Things can be abused to spread hateful propaganda. On Thursday, Auernheimer used two lines of code to scan the entire internet for insecure printers and made them automatically spill out a racist and anti-semitic flyer.

Hours later, several people started reporting the incident on social media, and eventually a few local news outlets picked up on the story when colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer.

Auernheimer detailed this “brief experiment,” as he called it, in a blog post on Friday.

Said weev:

After a little investigation it seemed that to print to a printer with port 9100 exposed, all you have to do is netcat a postscript file to that port.

And how likely is it that port 9100 is open and listening? Very:

For network-connected print devices, the standard TCP/IP port monitor is the best choice. Standard port monitor is the successor to line printer remote (LPR), that has been widely adopted as the de facto standard in network printing for the past several years. Standard port monitor is faster, more scalable, and bidirectional. In contrast, LPR is limited in all of these areas. Although Windows NT 4 and later provided registry modifications to help extend the capabilities of LPR printing, these changes do not compare with the benefits of using standard port monitor… The RAW protocol is the default for most print devices. To send a RAW-formatted job, the print server opens a TCP stream to the printer’s network interface. For many devices this will be port 9100.

“We were only following instructions.”

@SwiftOnSecurity feigned astonishment at the ease of the hack: “I’ve always wondered how the hell you even get a printer on the _Internet_. Plugging it into a DSL modem? Who? Why?”

Anything on the wrong side of a firewall can be presumed open, be it a printer, a computer, or a refrigerator.

Tweet





4 comments »

  1. fillyjonk »

    28 March 2016 · 1:42 pm

    I can just hear someone, somewhere, going “‘Safe Space’ THAT, kiddos!”

    I dunno. I prefer the silly kind of hacks, like the one where you could make some of the old HPs say “FEED ME A CAT” in their message window.

  2. fillyjonk »

    28 March 2016 · 2:32 pm

    Also:

    “I hate TCP/IP Nazis.”

  3. McGehee »

    28 March 2016 · 4:40 pm

    Our printers connect only to our router, which is encrypted with a password other than “password.”

    It is possible to reach it from the wider internet, but only with pre-set credentials.

    Apparently being able to set this up makes me a network-security 1%-er.

  4. McGehee »

    28 March 2016 · 4:40 pm

    It, them, whatevs.

RSS feed for comments on this post · TrackBack URI

Leave a comment