stackoverflowin says "Your printer has been owned"

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • mx6turbo89
    Trusted Tech

    Site Contributor
    100+ Posts
    • Oct 2013
    • 154
    #1

    stackoverflowin says "Your printer has been owned"

    A customer of mine got this printout on their copier earlier this week: Robot.pdf Seemed harmless.
    The morning after, they got a full color "Good morning" printout (they actually liked this and thought I had done it remotely). Today, they received a 1999-page full color printjob of a dude sucking a schlong. Of course, an office full of women did not appreciate this material. Thankfully, they managed to stop it after nearly a ream of paper was gone through. I then got a personal call from them screaming at me to get there ASAP.

    After doing some quick research, apparently there's a hacker out there connecting to wide-open network printers to make us 'aware' of the lack of security on printers. While the notice is appreciated, we could have did without the crude printout. To fix this, I ended up turning off IPP, changing the admin password, and turning off Airprint and Mopria. At the customer's router, I disabled DMZ (it had the printer IP wide-open to the net for some unknown reason) and ensured that Port 9100 was blocked.

    Have any of you all out there encountered anything like this yet?
    Last edited by mx6turbo89; 02-10-2017, 04:09 AM.
    Tags: None
    • KenB
      Geek Extraordinaire

      2,500+ Posts
      • Dec 2007
      • 3945
      #2
      Re: stackoverflowin says "Your printer has been owned"

      Sounds like this customer could use some serious , billable, IT services to secure things up a bit. If they're silly enough to leave their printer wide open, what else are they exposing?

      At one time, around 1998 or so, I had a major university with about 90 Canon MFPs, and 2 production models with Fieries.

      They were ALL on the public internet, and I was able to connect and print to any of them from wherever I fancied. Not that I would or did.

      Fortunately for them, they wised up a bit once they had about a zillion "invasions", and locked everything down a bit more.

      Good thing the Internet was much more of a novelty back then!
      “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

        Comment

        • KenB
          Geek Extraordinaire

          2,500+ Posts
          • Dec 2007
          • 3945
          #3
          Re: stackoverflowin says "Your printer has been owned"

          Maybe 2 or 3 years ago, I had an eCopy account that was pretty well out in the sticks.

          They had a Ricoh MFP.

          I had a hunch they were sadly lacking in the security department; turned out I was right.

          One day, from their parking lot, I sat in my car, searched for wireless networks with my phone, and connected to theirs, all without a password.

          From there, I was able to print to the Ricoh machine.

          I walked in and showed the owner what I found, and was able to do. He thanked me and said he'd get his IT guy on it the same day.
          “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

            Comment

            • KenB
              Geek Extraordinaire

              2,500+ Posts
              • Dec 2007
              • 3945
              #4
              Re: stackoverflowin says "Your printer has been owned"

              I just re-read your post.

              I can't say this loudly enough... this is NOT a printer issue!

              Even if IPP printing is turned on, (some customers have a legitimate need for it), it is the customer's responsibility, NOT ours, to keep THEIR network secure.

              With that said, though, you should always turn off all unnecessary protocols on the printer (including IPP, as long as it's not required) at installation time. It's a good practice to get into.

              It's a lot easier (and safer) to have some printing fail, and need to enable some protocols, than to leave it all wide open, inviting gremlins.
              “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

                Comment

                • mx6turbo89
                  Trusted Tech

                  Site Contributor
                  100+ Posts
                  • Oct 2013
                  • 154
                  #5
                  Re: stackoverflowin says "Your printer has been owned"

                  Originally posted by KenB
                  I just re-read your post.

                  I can't say this loudly enough... this is NOT a printer issue!

                  Even if IPP printing is turned on, (some customers have a legitimate need for it), it is the customer's responsibility, NOT ours, to keep THEIR network secure.

                  With that said, though, you should always turn off all unnecessary protocols on the printer (including IPP, as long as it's not required) at installation time. It's a good practice to get into.

                  It's a lot easier (and safer) to have some printing fail, and need to enable some protocols, than to leave it all wide open, inviting gremlins.
                  Ken, I agree, definitely not a printer issue. But at the time, the customer was highly irate from having been exposed to smut printing out of their machine and, to top it off, having lost a bunch of color clicks which they cannot get back. Naturally, they now think the machine is insecure, so I tried to appease them by turning nearly everything off. I spent quite a while there trying to tighten things down for them. Their router wasn't even locked down correctly (still had default user and password, which I guessed and accessed within 10 seconds). This scenario is similar to many other small businesses that I run into; no knowledge or thought given to networking security. I explained everything as best I could and they will be billed next time.

                  By the way, here's a link that came out several days ago about a 'hacker's' claims: Hacker Claims He Hacked 150,000 Printers to 'Raise Awareness' About Hacking

                    Comment

                    • KenB
                      Geek Extraordinaire

                      2,500+ Posts
                      • Dec 2007
                      • 3945
                      #6
                      Re: stackoverflowin says "Your printer has been owned"

                      I certainly don't agree with the obscenities, but in a way, this self-righteous whackadoodle really is providing a public service, crude as he may be.

                      He is drawing attention to a frequently overlooked security issue that can have potententially disastrous consequences if ignored.
                      “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

                        Comment

                        Previous template Next
                        Working...