LPD

1 Articles

Weaponized Networked Printing Is Now A Thing

December 7, 2018 by 37 Comments

It’s a fairly safe bet that a Venn diagram of Hackaday readers and those who closely follow the careers of YouTube megastars doesn’t have a whole lot of overlap, so you’re perhaps blissfully unaware of the man who calls himself [PewDiePie]. As such, you might not know that a battle between himself and another YouTube channel which uploads Bollywood music videos has reached such a fever pitch that his fans have resorted to guerrilla hacking to try to sway public opinion towards their side. It’s perhaps not the dystopian future we imagined, but it just might be the one we deserve.

To briefly summarize the situation, a hacker known only by the handle [TheHackerGiraffe] decided to help out Dear Leader by launching an automated attack against 50,000 Internet connected printers. When the hack was successful, the printer would spit out a page of digital propaganda, complete with fist ASCII art, that urged the recipient to go on YouTube and pledge their support for [PewDiePie]. There’s some debate about how many of the printers [TheHackerGiraffe] targeted actually delivered their payload, but judging by reactions throughout social media, it was enough to get the message out.

While the stunt itself may have come as a surprise, the methodology wasn’t. In fact, the only surprising element to the security researchers who’ve weighed in on the situation is that this hasn’t happened more often. It certainly isn’t the first time somebody’s done it, but the fact that this time its been connected to such a high profile Internet celebrity is putting more eyes on the problem then there have been in the past. Now that the proverbial cat is out of the bag, there are even websites springing up which claim to be purveyors of “Printer Advertising”. Odds are good this won’t be the last time somebody’s printer starts running off more than TPS reports.

We here at Hackaday don’t have much interest in the battle for YouTube supremacy. We’re just pulling for Dave Jones’s EEVBlog channel to join [AvE] in breaking a million subscribers. But we’re very interested in the technology which made this attack possible, how likely it is we’re going to see more people exploit it, and what are we supposed to do now that even our own printers can be turned against us?

Continue reading “Weaponized Networked Printing Is Now A Thing”