1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Mischievous hackers could use a simple trick to send printers ber

    From TechnologyDaily@1337:1/100 to All on Wed Nov 24 15:45:04 2021
    Mischievous hackers could use a simple trick to send printers berserk

    Date:
    Wed, 24 Nov 2021 15:31:58 +0000

    Description:
    New report highlights the various dangers posed by vulnerable printers.

    FULL STORY ======================================================================

    In a new paper , researchers have highlighted a selection of attacks that demonstrate the risks posed by wireless printers that have been secured improperly.

    Authored by security analysts Giampaolo Bella and Pietro Biondi, the report unpacks three attack vectors (referred to collectively as Printjack) that could be used to hijack the many thousands of printers with a publicly accessible TCP port 9100, which facilitates network printing jobs.

    One attack in particular, described as paper denial-of-service (DoS), could
    be used to troll printer owners by triggering jobs remotely until their paper and/or ink supplies are exhausted. Supposedly, this attack can be carried out using a simple Python script. Not-so-funny printer attacks

    In comparison to other internet-connected devices, the measures in place to protect even the most modern printers are extremely basic, the researchers say. And although paper DoS attacks are relatively harmless, there are more sinister ways a hacker could abuse exposed machines.

    For example, a threat actor could hijack vulnerable printers for the purposes of launching distributed denial-of-service ( DDoS ) attacks, by combining a known vulnerability with a widely available proof-of-concept exploit.

    Beyond the fact the printer has become part of a cybercriminal campaign in this scenario, the machine itself would also suffer performance drops,
    consume more energy and degrade at a faster rate than usual.

    The paper also demonstrates an attack whereby a vulnerable printer is used to intercept the content of printed documents in plaintext form, which could
    have serious ramifications for any business handling classified data.

    Well beyond the technicalities of the attacks lies a clear lesson. Printers ought to be secured equally as other network devices such as laptops normally are, wrote Bella and Biondi.

    Simple measures include requiring authentication before someone is allowed to access the printer admin panel or launch print jobs. A number of issues could also be rectified by enabling IPSec-only printer connections.

    Since appropriate technology is available to mitigate the risks of the Printjack family of attacks, the biggest effort ahead of us seems to be the training of users to bear security and privacy measures also through their routine printing tasks, the report concludes. Check out our list of the best Black Friday printer deals

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/mischievous-hackers-could-use-a-simple-trick-to -send-printers-berserk/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)