Mischievous hackers could use a simple trick to send printers berserk

A simple Python script is all it would take

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

In anew paper, researchers have highlighted a selection of attacks that demonstrate the risks posed bywireless printersthat have been secured improperly.

Authored by security analysts Giampaolo Bella and Pietro Biondi, the report unpacks three attack vectors (referred to collectively as Printjack) that could be used to hijack the many thousands ofprinterswith a publicly accessible TCP port 9100, which facilitates network printing jobs.

One attack in particular, described as “paper denial-of-service (DoS)”, could be used to troll printer owners by triggering jobs remotely until their paper and/or ink supplies are exhausted. Supposedly, this attack can be carried out using a simplePythonscript.

Not-so-funny printer attacks

In comparison to other internet-connected devices, the measures in place to protect even the most modernprintersare extremely basic, the researchers say. And although paper DoS attacks are relatively harmless, there are more sinister ways a hacker could abuse exposed machines.

For example, a threat actor could hijack vulnerable printers for the purposes of launching distributed denial-of-service (DDoS) attacks, by combining a known vulnerability with a widely available proof-of-concept exploit.

Beyond the fact the printer has become part of a cybercriminal campaign in this scenario, the machine itself would also suffer performance drops, consume more energy and degrade at a faster rate than usual.

The paper also demonstrates an attack whereby a vulnerable printer is used to intercept the content of printed documents in plaintext form, which could have serious ramifications for any business handling classified data.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Well beyond the technicalities of the attacks lies a clear lesson. Printers ought to be secured equally as other network devices such aslaptopsnormally are, “ wrote Bella and Biondi.

Simple measures include requiring authentication before someone is allowed to access the printer admin panel or launch print jobs. A number of issues could also be rectified by enabling IPSec-only printer connections.

“Since appropriate technology is available to mitigate the risks of the Printjack family of attacks, the biggest effort ahead of us seems to be the training of users to bear security and privacy measures also through their routine printing tasks,” the report concludes.

ViaBleepingComputer

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

iStorage Group acquires Kanguru Solutions as it looks to expand security offering

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well