
Printers pulled into 9100 port attack spew PewDiePie propaganda

Printers worldwide printed messages urging people to subscribe to the vlogger's YouTube channel in a demo of a well-known vulnerability.

A battle for who owns the YouTube crown for top channel has been waged over the past few months between fans of Swedish video game commentary celebrity Felix “PewDiePie” Kjellberg and of the Bollywood label T-Series.
This is getting serious: It’s one thing when a fan launches a PewDiePie “Bro Army,” structured to recruit members’ friends and family in order to keep PewDiePie at the top, replete with “Privates” and “Corporals.”
But now, the printers are in on it. As The Verge reports, somebody hacked printers worldwide to print pro-PewDiePie propaganda.
Here are some Tweets showing the messages the printers were forced to spit out:



The printers were indeed hacked, but it’s not the vlogger who’s behind it. Rather, responsibility has been claimed by somebody who says they were doing it after 1) getting bored playing Destiny 2 for four straight hours and then 2) screwing around with Shodan to see what mischief they could get up to.
Here’s the tale, told by @HackerGiraffe:
https://twitter.com/HackerGiraffe/status/1068714506770149376
As we’ve reported in the past, the security of networked office printers is pretty squishy.
For example, in February 2017, German researchers reported that they’d found several ways to exploit access to networked printers through RAW printing on port 9100.

Popularized by HP’s JetDirect in the 1990s, port 9100 was configured for remote maintenance by admins, although it can also be used to print. Other examples of direct access include the Internet Printing Protocol on port 631 and the old Unix Line Printer Daemon (LPD) on port 515.
After they learned about those three printing protocols, TheHackerGiraffe says they searched for the protocols on Shodan, the search engine for exposed devices and databases. The port 9100 vulnerability is found on hundreds of thousands of printers worldwide, leading the hacker to hit the Shodan jackpot:
https://twitter.com/HackerGiraffe/status/1068715462199005189
From there, TheHackerGiraffe decided to print a message in support of “our dear overlord @pewdiepie himself!”
The hacker claims that they used a tool called PRET – the Printer Exploitation Toolkit – that, according to its GitHub page, allows attackers to “captur[e] or manipulat[e] print jobs, [to access] the printer’s file system and memory or even caus[e] physical damage to the device.”
The hacker said the stunt wasn’t meant maliciously. Rather, it was done to bring people’s attention to printers’ vulnerability:
https://twitter.com/HackerGiraffe/status/1068169400166031365
As of Friday, The Verge was looking for proof that TheHackerGiraffe was behind the attack. The news outlet quoted the hacker, who said that first off, the attack could have done serious damage. Second, they’d pulled it off in a mere half hour, start to finish:

People underestimate how easy a malicious hacker could have used a vulnerability like this to cause major havoc. Hackers could have stolen files, installed malware, caused physical damage to the printers and even use the printer as a foothold into the inner network.
The most horrifying part is: I never considered hacking printers before, the whole learning, downloading and scripting process took no more than 30 minutes.

TheHackerGiraffe certainly wasn’t the first to discover the vulnerability, and they weren’t the first to hack thousands of printers to get the point across. In February 2017, a hacker called Stackoverflowin caused 150,000 printers worldwide to cough up this message:

Stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned, everyone likes a meme, fix your bulls***… For the love of God, please close this port, skid.

Over the next 24 hours, tweaks of that same message spewed out of printers made by manufacturers including HP, Brother, Dell, Canon, Samsung, Epson, Lexmark, Oki and Ricoh.

Is your printer potentially a pro-PewDiePie platform?

As we said with regards to the “please close this port, for the love of God” attack, every printer is different. Here are some ways to button up some of the vulnerable ones:

  • The affected printers in the 2017 attack were all networked models, potentially including wireless models.
  • Printers with built-in management can be vulnerable if they can be accessed remotely, so make sure to change the default password.
  • Make sure your firewall is properly configured.
  • Don’t leave your printer switched on if you’re not using it.
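One way to check whether the firewall advice above is actually in effect for printers you administer, shown as an added example that is not part of the original article: run it from the network segment that should be blocked and see which of the three direct-print ports named earlier still accept a TCP connection. The inventory addresses are constructed placeholders and the function names are this example's own.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Direct-print services named in the article, keyed by TCP port.
PRINT_PORTS = {
    9100: "RAW/JetDirect",
    631: "IPP",
    515: "LPD",
}


def port_accepts(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as "not exposed".
        return False


def audit_printers(inventory, ports=PRINT_PORTS, timeout=2.0):
    """Check every printer in the inventory (addresses you administer).

    Returns {host: [(port, service), ...]} listing only reachable ports,
    so an empty list means nothing was reachable from this vantage point.
    """
    targets = [(h, p) for h in inventory for p in sorted(ports)]
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = pool.map(lambda t: port_accepts(t[0], t[1], timeout), targets)
    report = {h: [] for h in inventory}
    for (host, port), is_open in zip(targets, results):
        if is_open:
            report[host].append((port, ports[port]))
    return report


if __name__ == "__main__":
    # Constructed inventory: replace with the printers you are responsible for.
    my_printers = ["192.0.2.10", "192.0.2.11"]
    for host, exposed in audit_printers(my_printers, timeout=1.0).items():
        if exposed:
            names = ", ".join(f"{p} ({s})" for p, s in exposed)
            print(f"{host}: reachable from this network: {names}")
        else:
            print(f"{host}: no direct-print ports reachable")
```

A printer that reports reachable ports when the script runs from outside the office LAN is the kind of device that turns up in a Shodan search.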

Printers aren’t just passive boxes. If they’re hooked to the network, they can be put to work shilling for whatever favorite cause a bored gamer who plays around with Shodan decides on. Worse still, they can be damaged.
Don’t let your office workhorse become collateral damage in the Bollywood-PewDiePie dance-off… or any other weirdness the internet coughs up!

9 Comments

“The most horrifying part is: I never considered hacking printers before, the whole learning, downloading and scripting process took no more than 30 minutes.” I hacked a Univac 1004 around 1971 by loading a boot record into the printer’s buffer then booting the machine from the printer! Primitive maybe, but enough to confuse the operator in those far off days. (The 1004 would normally have been booted from an 80 column punched card.)


We reside in Spain and our office printers just got hit by this attack. Continuous bogus data printed out, sometimes as jpg source sometimes whatever the printer spits out. We need firewalls lol.


I just used Google Street View to check out my hometown and noticed thousands of unprotected glass windows, any one of which could be smashed easily by a brick-wielding vandal. So I went and smashed one in every sixteen of the Windows myself. Because people gotta learn.


Our Enterprise-grade copiers take minutes to turn on, and then further minutes to fully boot up all services. Having them off unless in use is not exactly a scalable solution. We do however have strong site-level and whole of enterprise firewalls, so I am fairly confident that our on-site equipment is safe.
For personal gear off-site, yes, having the printer/copier turned off is probably more feasible. And the power bill might be something that you’re more interested in.

