Mass attack worldwide on internet-exposed printers

An unknown hacker has taken it upon himself to warn users that their unprotected internet-connected printers can be remotely exploited, by printing out warning messages from the devices.

Warning message sent to Happy Joe's Pizza in the United States. Credit: Happy Joe's.

Over the weekend, several users took to social media to post photographs of warning messages emanating from their printers.

The hacker, who calls himself Stackoverflowin, is automatically sending out instructions to exposed devices to generate a message telling users their printers have been "pwned" and are now "part of a flaming botnet". The message includes an ASCII art rendering of a robot from the Mec Warrior video game.

Stackoverflowin is also imploring users to "close this port, skid" to avoid their printers being attacked in the future.

While some users saw the lighter side of the warning, others were left confused when their printers generated the unexpected warning message. As of writing, the attacks are continuing around the world.

Stackoverflowin claimed to have attacked some 150,000 printers, running a script that targets devices with the internet printing protocol (IPP) enabled on transmission control protocol (TCP) port 9100.

A scan on the Shodan.io vulnerability reporting site showed just over 147,000 printers connected to the internet with IPP listening on TCP port 9100. Most (almost 65,000) are in the United States, while Australia shows up as having 2700.

The attacks follow the publication last week of advisories and security research that demonstrated a large amount of networked printers are remotely exploitable and contain vulnerabilities that are unlikely to ever be fixed.