A hacker is forcing thousands of unsecured printers to print warnings about being part of a botnet and leaving port 9100 open to external connections.

If your printer printed a “YOUR PRINTER HAS BEEN PWND’D” message from “stackoverflowin,” then it’s just one of more than 150,000 printers that has been pwned. Although the message likely referenced your printer being part of a botnet or “flaming botnet,” the hacker responsible says it’s not and that he is trying to raise awareness about the pitiful state of printer security.

One of the messages the hacker caused to print was:

“stackoverflowin the hacker god has returned, your printer is part of a flaming botnet, operating on putin’s forehead utilising BTI’s (break the internet) complete infrastructure.”

Another stated:

“stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned, everyone likes a meme, fix your bullsh*t.”

Yet another stated:

“stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your printer is part of a flaming botnet.”

Over the past several days, a variety of popular printer brands have been affected, including HP, Epson, Canon, Brother and Samsung. Nexus Consultancy reported that Afico, Konica Minolta and Oki have also printed out warnings from stackoverflowin.

If it happened to you, you might want to start by closing port 9100 on your router because that is how the hacker is connecting and then sending a print job to the printer. Next, add an admin password to your printer.

This is the latest in a series of recent warnings about what can happen if your printer is connected online without having the right security. At the end of January, three security researchers—Jens Müller, Juraj Somorovsky and Vladislav Mladenov—described attack scenarios based on network printers and published their research paper “SoK: Exploiting Network Printers” (pdf).
They talked about their Printer Exploitation Toolkit (PRET), a tool developed for their Master’s thesis at Ruhr University Bochum; it allows people to check if their printer is secure “before someone else does.”

They evaluated 20 different printer models and showed “that each of these is vulnerable to multiple attacks.”

[Figure: as seen in “SoK: Exploiting Network Printers” by Jens Müller, Vladislav Mladenov and Juraj Somorovsky]

In addition, the researchers put together a Hacking Printers Wiki, which lists various attacks on network printers, such as denial of service, privilege escalation, information disclosure, code execution and print job access. One method of attack involves forcing a network printer to print via port 9100, and another involves cross-site printing.

Fast forward a few days, and there was a post by Kur0sec, “How to make 60,000 printers print whatever you want.” Although it got flamed on Reddit’s netsec, reports of printers printing stackoverflowin’s rogue messages about being part of a “flaming botnet” started to appear.

There are a variety of takes on the message, according to images posted on Twitter. Even if your printer coughed up such a warning, that does not mean it is part of a botnet. At least, that is what Stackoverflowin said before referencing Weev’s 2016 printer experiment, which forced printers to print “racist flyers.” He told Bleeping Computer that he’s not into that, as he is “about helping people to fix their problem” while also “having a bit of fun at the same time.”

Stackoverflowin told Bleeping Computer that his script targets printing devices that have Internet Printing Protocol (IPP) ports, Line Printer Daemon (LPD) ports, and port 9100 left open to external connections. The script also includes an exploit that uses a remote code execution vulnerability to target Dell Xeon printers.
“This allowed me to inject PostScript and invoke rogue jobs,” Stackoverflowin told Bleeping about the RCE vulnerability’s role.

You may not have been amused if this happened to you, but it should at least serve as a warning for you to take security more seriously. Printing a warning message is one of the least damaging attacks listed by the researchers, so why not lock it down now before a truly vicious attack knocks on your open printer door? As the hacker said of port 9100, “For the love of God, please close this port, skid.”
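The advice above is to keep external hosts away from port 9100 and the IPP and LPD ports; a gateway log audit shows whether outside hosts are already reaching a printer. The following is an added example, not code from the article or the researchers: the log layout is modelled on Linux netfilter LOG output, the sample lines and addresses are constructed, and treating RFC 1918 space as "the LAN" is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Port 9100 is named in the article; 631 and 515 are the standard ports for
# the IPP and LPD protocols it mentions.
PRINTER_PORTS = {9100: "raw-9100", 631: "IPP", 515: "LPD"}
# Assumption: the LAN uses RFC 1918 space; every other source is external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable address: never treated as a LAN host
    return any(ip in net for net in INTERNAL_NETS)

def external_print_hits(lines):
    """Return {printer_ip: {(external_src, service), ...}} for TCP flows that
    reached a printing port on an internal host from outside the LAN."""
    hits = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        service = PRINTER_PORTS.get(int(f["DPT"]))
        src, dst = f.get("SRC", ""), f.get("DST", "")
        if service and src and is_internal(dst) and not is_internal(src):
            hits[dst].add((src, service))
    return dict(hits)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "Feb  6 09:14:02 gw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.1.50 PROTO=TCP SPT=51514 DPT=9100",
    "Feb  6 09:14:09 gw kernel: FWD IN=eth1 OUT=eth1 SRC=192.168.1.23 DST=192.168.1.50 PROTO=TCP SPT=40112 DPT=9100",
    "Feb  6 09:15:30 gw kernel: FWD IN=eth0 OUT=eth1 SRC=198.51.100.24 DST=192.168.1.50 PROTO=TCP SPT=33870 DPT=631",
    "Feb  6 09:16:44 gw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.1.51 PROTO=TCP SPT=51620 DPT=515",
    "Feb  6 09:17:01 gw kernel: FWD IN=eth0 OUT=eth1 SRC=198.51.100.24 DST=192.168.1.10 PROTO=TCP SPT=33902 DPT=443",
    "Feb  6 09:17:20 gw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.1.50 PROTO=UDP SPT=5353 DPT=9100",
]

if __name__ == "__main__":
    for printer, sources in sorted(external_print_hits(SAMPLE_LOG).items()):
        for src, service in sorted(sources):
            print(f"{printer}: {service} reached from external host {src}")
```

Any printer address in the result is reachable from outside on a printing port, which is the condition the article says to remove at the router.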