Here at EBI, we are all about information security. You have to be when you handle people’s most sensitive data. While your company might not manage as much delicate information as we do, a hacker gaining access to your records or work product could still be devastating.
An article on BleeepingComputer.com revealed that a hacker, who calls himself Stackoverflowin, exposed a serious hole in IT security. The hacker claims to have infiltrated more than 150,000 printers that were left exposed online. That means they did not have a firewall or other security settings enabled. Stackoverflowin claims he only had the best of intentions. He wanted to show companies the risk they are taking by not protecting this seemingly innocent piece of equipment.
Printers are not simple items to be taken for granted. If your printer has an internal drive, as many do these days, it can store print jobs, scans, copies and faxes. Hackers can actually eavesdrop on your network printer traffic, which means they could capture the documents you send to print.
Now, back to our friend Stackoverflowin. The hacker wrote script that would search for open printer ports, and send and print a message on those machines that were not protected. The message was printed out in huge corporate headquarters, small family businesses and everything in between.
The note read:
“Stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin’s forehead utilizing BTI’s (break the internet) complex infrastructure. For the love of God, Please close this port, skid.”
The message was part joke, part warning. Stackoverflowin even included his twitter handle in case people had questions. He told Bleeping Computer that this entire effort has been about helping people, while having a little fun at the same time.
A new academic paper authored by Jens Müller, Vladislav Mladenov and Juraj Somorovsky of Ruhr-University Bochum in Germany found some serious security flaws that would allow attackers to violate some of the biggest brand name printers in the world, including Dell, HP, Lexmark, Brother and Samsung. Check out the chart below:
SOURCE: Web In Security
The study found that remote hackers can steal passwords, lift printed documents stored in the device’s memory or take control of the printer all together. The group created a tool kit for businesses to troubleshoot their system. But the most important message is that the overall state of printer security needs to be addressed, regardless of the size of your business.