Mystery Document Appears On Thousands Of Printers Asking For YouTube Support
By: Jim Stickley and Tina Davis
January 10, 2019
There’s nothing wrong with a bit of competition between friends…or YouTube stars. It’s apparently a big deal to have the most YouTube followers, and up until recently the king of that was a Swedish game commentator and YouTube personality who goes by the name PewDiePie. His total currently is around 72.6 million followers. That position was threatened recently, which prompted a Twitter user who goes by TheHackerGiraffe to go to bat for the Swede and print messages to accessible printers begging the recipients to follow PewDiePie.
That random message that just came out of thin air from the printer should not be ignored. In this case, the hacker scanned the Internet looking for open printer ports. As a result, over 50,000 printers received the message to unsubscribe from the competition, an Indian record label called T-Series, and subscribe to PewDiePie. As a “bonus,” users were also asked to subscribe to several others.
This isn’t a difficult trick to pull off. In fact, all it takes is using automated scripts to find printers with certain ports open over the Internet. This hacker used a line of code short enough to fit into a single tweet. In 2016, the hacker Weev sent anti-Semitic messages to thousands of printers with these open ports.
So often ports are left open to the Internet. Sometimes it is due to accident or ignorance and other times, laziness. While this incident was relatively harmless, it doesn’t mean the next one will be.
While you may think that someone merely sending documents to your printer is harmless, there are other threats to consider should someone get access:
- Using the printer to transmit faxes. If the faxes are meant for healthcare organizations or a financial institution, it could lead to healthcare or financial fraud.
- Launching Denial of Service (DoS) attacks against the printer. This could cause it to lock up, which means time spent trying to fix it and probably a lot of angry colleagues.
- Intercepting print jobs going to the printer.
- Installing malware on the printer that could allow remote control of it.
Steps to take to prevent access to your printers:
- Use an encrypted connection when accessing the printer’s administrative features.
- Use access control lists (ACLs) whenever possible.
- Certainly do not open the printer’s web interface to the Internet.
- Consider disabling printing via IPP or FTP.
- Change the default SNMP community names to something strong and less likely to be cracked.
- Keep your printers updated with the latest firmware and drivers.
- Destroy and dispose of any internal hard drives on printers you no longer need.
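The ACL, web interface, IPP/FTP and SNMP items above can be checked against your own firewall export and printer inventory. The script below is an added example, not part of the original article. The rule and inventory formats, host names, addresses and port 9100 (raw printing, not named above) are assumptions of the example, and it treats every allow rule as effective rather than modelling rule order.

```python
import ipaddress

# Services from the checklist above, mapped to their standard ports.
# 9100 (raw printing) is added by this example and is not named in the article.
PRINTER_SERVICES = {
    ("tcp", 21): "FTP printing",
    ("tcp", 80): "web interface (HTTP)",
    ("tcp", 443): "web interface (HTTPS)",
    ("tcp", 631): "IPP",
    ("tcp", 9100): "raw printing",
    ("udp", 161): "SNMP",
}
DEFAULT_COMMUNITIES = {"public", "private"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(cidr):
    """True only when the whole IPv4 source range sits inside RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(r) for r in RFC1918)

def audit(rules, printers):
    """Return (printer, finding) pairs for exposed services and default SNMP names."""
    findings = []
    for p in printers:
        addr = ipaddress.ip_address(p["ip"])
        for r in rules:
            svc = PRINTER_SERVICES.get((r["proto"], r["port"]))
            if (r["action"] == "allow" and svc and not is_internal(r["src"])
                    and addr in ipaddress.ip_network(r["dst"], strict=False)):
                findings.append((p["name"], f"{svc} reachable from {r['src']}"))
        if p.get("snmp_community", "").lower() in DEFAULT_COMMUNITIES:
            findings.append((p["name"], "default SNMP community name"))
    return findings

# Constructed sample data (hypothetical firewall export and printer inventory).
RULES = [
    {"action": "allow", "proto": "tcp", "port": 631, "src": "0.0.0.0/0", "dst": "10.1.5.20/32"},
    {"action": "allow", "proto": "tcp", "port": 443, "src": "10.1.0.0/16", "dst": "10.1.5.0/24"},
    {"action": "allow", "proto": "tcp", "port": 9100, "src": "0.0.0.0/0", "dst": "10.1.5.0/24"},
    {"action": "deny", "proto": "tcp", "port": 21, "src": "0.0.0.0/0", "dst": "10.1.5.0/24"},
]
PRINTERS = [
    {"name": "lobby-mfp", "ip": "10.1.5.20", "snmp_community": "public"},
    {"name": "finance-laser", "ip": "10.1.5.31", "snmp_community": "k7-Rv2-constructed"},
]

if __name__ == "__main__":
    print(*audit(RULES, PRINTERS), sep="\n")
```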
Of course, remember the physical security basics too. Let employees know that it’s necessary to retrieve documents off printers immediately after printing, lest they get sidetracked and forget a confidential document. Secure printers so that unauthorized people cannot easily get to them, and never let a visitor roam around unescorted. That’s a great opportunity for documents left on printers to be snatched.