Just before the long weekend, Brown University, Princeton University and many more received an unwelcome gift from a hacker in the form of printers spewing out anti-semitic and racist messages.
These messages were not scheduled by a disgruntled employee but rather a black hat hacker who connected to the internet-facing printers and began the onslaught of vitriol.
The hack was executed by Andrew Auernheimer who is perhaps better know by his screen name, Weev.
Back in 2010, Auernheimer was convicted of identity fraud and conspiracy to access a computer without authorisation when he discovered a publicly accessible AT&T server which exposed the email addresses of iPad users.
Many argued that Auernheimer had done nothing wrong since the server was publicly available and in April 2014, the US Court of Appeals overturned his conviction, with Auernheimer’s release following soon after.
While this printer hack was Auerheimer’s way of spreading his message it does bring to light the issue of security in the ever growing Internet of Things.
“I wanted to take a little time out of my day to show them [white supremacists] how easy it is to make the world move with as little as a bash one-liner”, Auernheimer said in a blog post.
And oh, how easy it is.
Using an IOT search engine known as Shodan, Auernheimer was able to find some 30 000 printers connected to the internet with port 9100 listening out for print commands. All it took then was sending a postscript file to the printer and waiting for chaos to descend.
This is a problem that has been outlined by John Matherly, creator of Shodan, and others as far away back as a decade ago according to Security Ledger but apparently these vulnerabilities still exist.
While many of the victims of Auernheimer’s attack have taken measures such as installing fire walls, the attack has brought the matter of IOT security to the fore once again.
You see, while it may be great that you can print that presentation off while stuck in traffic, a black hat hacker could be waiting for the right moment to pounce.
Cyber criminals are getting smarter by the day and giving them any gap in your PC, your network or indeed your printer could result in far bigger problems than an influx of offensive printouts.[Via – Security Ledger] [Image – CC BY/2.0 frankieleon]