Nearly 28,000 printers 'hacked' over the internet: What to do

Man's hands operating office printer.
(Image credit: A_stockphoto/Shutterstock)

The security-news website Cybernews announced today that it had "hacked" nearly 28,000 printers worldwide in a stunt to "raise awareness of printer-security issues."

That's a worthy cause, as many owners and administrators of networked printers don't properly secure them. But Cybernews' "hack" wasn't a hack at all, actually. Instead, Cybernews used common printing commands to print documents on remote printers, exactly as the printers had been designed to do.

This was possible because these networked printers were set up to receive print jobs over the internet without any authorization. So Cybernews commanded the printers to print out a five-page document instructing the printers' owners and operators on the basics of printer security.

If this sounds familiar, it's because this has been done before. In 2016, the notorious internet troll Andrew Auernheimer, aka "Weev," used similar methods to get 20,000 printers (his number) to spit out a one-page racist manifesto, complete with giant swastikas. 

In 2017, a pseudonymous hacker called "Stackoverflowin" did the same thing, only sending a brief message to close open internet ports instead of a racist screed.

Like Cybernews and Stackoverflowin, Auernheimer scanned the internet for printers that were open to the internet and would receive remote commands. However, he told Vice Motherboard that he "did not hack any printers," but instead "sent them messages, because they were configured to receive messages from the public."

Now despite the warnings in Cybernews' blog post, just because your printer can receive print jobs over the internet doesn't mean it can be completely hacked. But exposing your printer to the internet does make that easier.

To make sure your printer isn't accessible online, tweak the firewall settings on your home (or office) router to block port 9100, the most commonly used port of internet printing. If you can find a similar setting in your printer's administrative interface, block the port there as well.

Cybernews adds two more tips to protect your printer from miscreants, whether it's connected to the internet or not. 

First, make sure your printer's firmware is up to date. You may have to poke around on the manufacturer's website to find new updates. Second, see if you can change the default administrative password for the router.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.