Hacker: I made 160,000 printers spew out ASCII art around the world Printers around the world have been hacked and instructed to churn out pages and even sales receipts of alarming ASCII art. The messages, which began spewing from internet-connected printers on Thursday, read: "Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your …
In one of the pics I saw an Epson printer thus exposed, so I had a quick check of mine with nmap:
Host is up (0.0015s latency).
Not shown: 5256 closed ports
PORT STATE SERVICE
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
515/tcp open printer
631/tcp open ipp
1865/tcp open entp
9100/tcp open hp-pdl-datastr
Wow :(. Mine hangs off an isolated subnet so it doesn't see the Internet, but yeah, it could do with some control.
Now, that said, the number of people who have that raw on the Net ought to be small as most networks are behind NAT, so I wonder how this can be accessed from the public side of even the most basic routers.
Now there are probably also people opening ports for Google Cloud Print, HP ePrint, and the like - in work environments - and probably without actually knowing what they're doing. If you look on support forums, there are users telling others to open ports inbound when there should be no need.
>Now there are probably also people opening ports for Google Cloud Print, HP ePrint, and the like ... without actually knowing what they're doing.
Agree, I use Google Cloud Print and HP ePrint and never had to open ports for them to work on corporate networks, perhaps I'm doing something wrong...
re: "I forgot to disable upnp on the new router"
I've found this setting to be a little confusing, due to the lack of information. On some (DSL) routers/firewalls the UPnP setting applies to all interfaces, thus enabling UPnP enables it on the WAN and LAN interfaces, on others it just enables it for the internal LAN interfaces. The only way of telling which one you have is to enable UPnP on the router, boot up a UPnP enabled device on a LAN port and then do an external open ports scan.
This post has been deleted by its author
As the earlier poster mentions, it's not just Xerox. I wonder how many manufacturers are affected?
Considering my prior experiences with Zebra, Xerox, Epson, and Lexmark... if he's *lucky* they'll just tell him to f*ck off.
If they're on their usual behavior, they'll send all of the lawyers over.
He was able to get 160,000 printers doing stuff?
I have enough trouble getting just one printer to do anything at all.
God, life was so much simpler when printers had moving pins and paper had detachable strips with holes in. The most we had to worry about was if you needed CRLF or just LF, and whether £ was £ or just #. These days printers are so much more capable...and accordingly so much more a pain in the ass.
So I take my hat of to him simply for getting results out of that many printers.
My big beef with these printers is that they don't come with programming manuals anymore. I remember when I got my first printer, an Epson LQ-100, and it came with a nice, thick book explaining all the escape sequences one can send from BASIC. Spend enough time on it and you could practically draw really nice graphics.
Those were the days.
Also, back in those days you could practically get ISO/A2 printers off the shelf - I have a NEC P6300 with the color kit installed. It could do ISO/A2 color prints. Can't do that without spending big bucks on a large format printer nowadays.
I remember when I got my first printer, an Epson LQ-100, and it came with a nice, thick book explaining all the escape sequences one can send from BASIC. Spend enough time on it and you could practically draw really nice graphics.
I once wrote barcode printing software for the Psion Organiser II, and in the process I learned a very important lesson: print heads get warm. I had a Star SR10, and I accidentally scaled a barcode wrong so it printed out a solid page of black (one bar - let's say I was off a bit :) ). Somewhere along the second page of black it jammed, made a very ugly sound and the entire ribbon cartridge came flying out, taking the lid above the printhead with it.
It turned out the printhead had no thermal cutout, and by making it print solid black it overheated and jammed. This meant a few pins stuck out, and as it just reached the end of line, the carriage return meant the print pins (already busy deeply gauging the rubber roll on their way back) met the ink ribbon going in the opposite direction, so something had to give. Which turned out to be pretty much everything :).
On the plus side, I already had my eye on the newly released Canon Bubblejet 130 (130 was the wide carriage version) so life became a lot quieter after that - still the same EPSON commands for graphics, though.
Yes, fun times :).
What would you do with a manual today? Nobody - but for very niche printers, maybe - codes for a specific printer language (only maybe standard ones like Postscript or PCL, again for very specific needs). You let the OS turn drawing primitives into specific printer commands. After all, even to reach the printer itself you need to access the USB layer (for a local printer) and that usually require some sort od driver.
I still remember when if your printer was not supported by your word processor, you could try to add it yourself using some arcane and little documented utility, or the time spent trying to adapt your software to the damned printer your customer bought. Good it's no longer needed.
I also worked on PoS systems, but that's really a different world.
>What would you do with a manual today?
Write a Linux driver for it!
or even write an NT4/W2K3/XP/7 driver for a modern printer that only comes with Win10 driver support...
Whilst I fully understand the lack of manuals in the box, what is irritating is the lack of such reference documentation available on the relevant vendor website.
God, life was so much simpler when printers had moving pins and paper had detachable strips with holes in.
No it wasn't.
Feed wheels going out alignment, ribbon jams, paper mis-feeds, print jobs colliding (several people sending prints at the same time and it throwing a wobbly), head jams, and the noise...oh god the noise!
One in a room bearable, 20 in accounts, time for a soundproofed room!
Seriously? This was the "disturbing" ASCII art?
Sweet Azathoth's Nebular Nodes, we were experiencing better quality ASCII art, both of the distiurbing and non-disturbing schools, back in the 1970s, ASCII art that makes these efforts look like kindergarten crayonings in comparison.
I've a particularly nice pair of recumbant tigers on a twelve-foot ribbon of greenbar tractor-feed in storage that dates from 1975 that is a 3D composition - with decent vanishing point perspective and stuff - that was run off on an ICL barrel printer (and that was archived by the owner on punched cards), and I recall a fine Mona Lisa and an El Greco interpretation also being popular subjects for late night unauthorized paper budget dinging. There was also a magnificent five-foot rendering of the Golden Gate Bridge now I come to think on it.
Pfft, sir! Pfft!
I remember seeing an astounding piece of ASCII art in the early 1980s. It was a picture of a mountain climber hanging off a cliff, printed on several lengths of 132 column line printer paper. The whole picture was hung on a wall, occupying something like a 6x4 foot space on the wall (I may have the dimensions over-blown due to poor memory, but it definitely filled a large part of the wall).
I believe that it was printed from a card-deck, with just enough JCL to directly print from the deck to the line-printer.
Apparently, printing it on the University's central line printer was banned, and several people got into real trouble, and had their copy of the card deck confiscated when trying to print it.
I remember going to fun fairs and events like that in the late 1970ies / early 1980ies, and there usually was at least one stall where you could buy all kinds of ASCII art and watch it being printed.
At some stalls you could even get your portrait printed out as an ASCII graphic and for a couple of [insert local currency] more transferred to a cheap t-shirt.
At that time, as a nerdy kid, better than going on the roller coaster.
"The hijacker says he or she wrote a script that scanned for insecure public-facing devices with open RAW, Internet Printing Protocol, and Line Printer Remote services – running on network ports 9100, 631, and 515, respectively – and fired over print jobs."
Yes, it all goes back to user or IT mistakes. As mentioned above -- leaving ports open, not updating firmware, not having good user policies in place, etc. There's a great blog that gives you ideas on how to make sure your printer is protected including reviewing an existing security policy and assessing network vulnerabilities. You can read the rest of the blog here. It's a bitly: /2korB0y
--Karen Bannan for IDG and HP
Good security policy is not to follow shortend urls.
Good security is knowing how to preview them (so I would agree with you that it should be offered in the preview version).
The actual link is https://www.tektonikamag.com/index.php/2016/12/02/hackers-know-your-printers-vulnerabilities-do-you/, which you could have previewed by adding a "+" sign to the bit.ly URL - observe: http://bit.ly/2korB0y+ - you even get to see the statistics (as a link shortener is also a perfect tracking device).
As for the target article in question, it's a bit meh as it appears to have been for managers and only applies to smaller devices. Printer security for larger devices goes also into encrypted onboard storage with access control, secure queue deletes etc.
Good security is knowing how to preview them
Yes, it is useful to do some background checks, as it would seem that "Karen Bannan" and "Tektonika" are names being used by HP marketing - see
https://disqus.com/by/Karen_Bannan/ - note the absence of comments on anything other than HP printers.
https://www.tektonikamag.com/index.php/about-us/ - note the contact email tektonika@hp.com
>Karen Bannan for IDG and HP
"There's a great blog that gives you ideas on how to make sure your printer is protected "
I wonder if the limitations of HP Secure Print we found when developing an (enhanced) secure print environment for a UK government department back in 2007 have been fixed yet...
Twatter is in the public domain. Anything you post there is fair game to be republished. Copyrighted images excepted except that if it's yours you probably signed over the copyright to Twatter to be able to send it.
It's very old advice but still very applicable - If you wouldn't want it published on the front of your local newspaper don't post it on the fucking internet.
hmm, indeed I was thinking that... can replicate that by just scanning everything for port 9100 and then just sending some postscript to it... for the really lazy, you can just hit http:\\ipaddress|DNSname:9100 in a browser to make it print something, although all it'll be printing is the GET request and your user agent string...
It's either UPNP being it's usual helpful self (i.e. too helpful and opening up everything), or people with absolutely no clue what they're doing and routing ports themselves.
There is *no* reason 99.9% of the printer owning population of the world would want or need their printer to be visible from the intertubes.
The 0.1% who do should be the ones who have to jump through hoops to do it and have it done properly (VPN).
The IoT is going to be a lot of fun for some people.
A while ago I was searching for an error that an HP printer had thrown up. Rather than an explanation of the error, instead I got a listing of the publicly accessible web admin pages of a bunch of similar printers.
I did send an email pointing out the problem where ever I could find a contact, but never got any replies.
I remember finding open printers back in '01. The HP ones were fun because you could easily monitor and get a copy of the print jobs....
There was one poor company I did something similar to. Each day for a couple weeks I'd print a nice message letting them know their print jobs were hacked. They ignored it though as the same printers were still open a few months after that.
I also figured out how to remotely change those fun LCD displays to show any message I wanted. At one company I worked I had the printers show a message calling a particular manager a dick head. Much to my chagrin no one ever said anything about it.
Eventually I got bored and moved on to securing networks.
So here we have devices with security holes that have been around for at least 15 years and we expect these same companies to magically do a better job?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
