Home
Join

This computer hack will amaze you. It made me laugh.

Posted by Robert5205
General IT Security Printers, Copiers, Scanners & Faxes

Saw this while browsing. This is why I don't let my printers phone home.

https://www.engadget.com/2018/11/30/pewdiepie-printer-hack-thehackergiraffe/

Over the course of this week, some printers have been printing out a strange message asking people to subscribe to PewDiePie's YouTube channel. The message appears to be the result of a simple exploit that allows printers to receive data over the internet, including print commands. A person with the online handle TheHackerGiraffe has claimed responsibility for the attack.

Now, ask me again why you can't bring in your printer from home.

Spice (208) Reply (100)
Robert5205

Enter to win a Razer Basilisk Ultimate Hyperspeed Wireless Gaming Mouse w/ Charging Dock + Mouse Pad, RedThunder Wireless One-Handed Gaming Keyboard, 5 win Cable Management set 

Contest ends 2022-07-01 Contests Fill out the form fill, and answer the question below! Contest Details View all contests

100 Replies

  • Spice (54) flagReport
    2 of 5 found this helpful thumb_up thumb_down

  • It would amaze you how many people hook their computers and devices straight from the modem to the device with no firewall in the middle.

    Spice (24) flagReport
    Was this post helpful? thumb_up thumb_down

  • I am continually amazed how many people, including IT workers, cannot be bothered to put a password on the admin account of the embedded system of a printer.

    Spice (46) flagReport
    1 found this helpful thumb_up thumb_down

  • @Bdaman are you sure that they even have a firewall? Dumb people lol

    Spice (3) flagReport
    0 of 2 found this helpful thumb_up thumb_down

  • The Repairatrooper wrote:

    I am continually amazed how many people, including IT workers, cannot be bothered to put a password on the admin account of the embedded system of a printer.

    I have a feeling that 99% of printers in enterprise environment have no passwords set and from that 1% probably 3/4 of them have passwords that noone can remember...

    Spice (45) flagReport
    7 found this helpful thumb_up thumb_down

  • bucko wrote:

    The Repairatrooper wrote:

    I am continually amazed how many people, including IT workers, cannot be bothered to put a password on the admin account of the embedded system of a printer.

    I have a feeling that 99% of printers in enterprise environment have no passwords set and from that 1% probably 3/4 of them have passwords that noone can remember...

    Majority have password, but hey they are the default passwords. 

    Spice (36) flagReport
    1 found this helpful thumb_up thumb_down

  • The Repairatrooper wrote:

    I am continually amazed how many people, including IT workers, cannot be bothered to put a password on the admin account of the embedded system of a printer.

    Or leave it as the default "admin/admin" or "admin/{blank}".

    Spice (12) flagReport
    Was this post helpful? thumb_up thumb_down

  • This is one of the reasons I believe that those that their equipment hacked when they have a firewall have bigger problems then getting that virus fixed.  They have a firewall problem that allowed it to happen.

    Years ago when we first started setting up machines on the network we had a tech and customer that insisted on using the local ISP to assign the IP of the device.  Constant problems since after a few days the ISP would release and reassign IP's.  Did not affect printing so much but it did scanning as there was no email or SMB back then.  Only FTP and it went by IP.  I finally showed them I could print and even get here files in the scans folder from the shop.  That day they went and got a proper router for the day and separated themselves from the ISP.

    Spice (9) flagReport
    Was this post helpful? thumb_up thumb_down

  • Default passwords? It's not just printers. One of the first security sweeps we did found default passwords on almost every vendor-supplied piece of gear - HVAC modules and monitors, vendor-supplied PCs for monitoring, and even (vendor) Windows servers. (Honeywell, I'm looking at you.)

    One of the rules we have as a department policy is "no default or vendor-assigned passwords."  This caused some momentary friction with the copier-lease vendor who uses 12345678 for every password, but we triumphed.

    Spice (66) flagReport
    5 found this helpful thumb_up thumb_down

  • Robert5205 wrote:

    One of the rules we have as a department policy is "no default or vendor-assigned passwords."  This caused some momentary friction with the copier-lease vendor who uses 12345678 for every password, but we triumphed.

    My previous employer exactly.

    Every leased MFP in the district had 12345.  It's astonishing that no student had taken advantage of this before I left.  I'd changed the passwords in one building because of this and yes, that created a lot of tension with the lessor.  I ended up losing that battle.

    Spice (13) flagReport
    Was this post helpful? thumb_up thumb_down

  • Haha.. it's funny and scary at one time. I mean it looks like machines are rising against us.

    I was totally scared when someone hacked my account and was writing to me in my status window. If such thing will happen to my printer I would jump out of the window probably..

    Spice (8) flagReport
    Was this post helpful? thumb_up thumb_down

  • "Try this one weird trick!  Printers will hate you!"

    Spice (63) flagReport
    6 found this helpful thumb_up thumb_down

  • Some customers I've been able to eliminate printing all together. The rest have at least basic security measures.

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down

  • Robert5205 wrote:

    Default passwords? It's not just printers. One of the first security sweeps we did found default passwords on almost every vendor-supplied piece of gear - HVAC modules and monitors, vendor-supplied PCs for monitoring, and even (vendor) Windows servers. (Honeywell, I'm looking at you.)

    One of the rules we have as a department policy is "no default or vendor-assigned passwords."  This caused some momentary friction with the copier-lease vendor who uses 12345678 for every password, but we triumphed.

    Really? They could not even be bothered to add 9 to the end.

    Spice (14) flagReport
    Was this post helpful? thumb_up thumb_down

  • Robert5205 wrote:

    Default passwords? It's not just printers. One of the first security sweeps we did found default passwords on almost every vendor-supplied piece of gear - HVAC modules and monitors, vendor-supplied PCs for monitoring, and even (vendor) Windows servers. (Honeywell, I'm looking at you.)

    One of the rules we have as a department policy is "no default or vendor-assigned passwords."  This caused some momentary friction with the copier-lease vendor who uses 12345678 for every password, but we triumphed.

    This is funny - I'm dealing with this with Canon right now.  They requested that I set all the printers back to the default admin username/password.  I kindly said no.

    Spice (10) flagReport
    1 found this helpful thumb_up thumb_down

  • The Repairatrooper wrote:

    Robert5205 wrote:

    Default passwords? It's not just printers. One of the first security sweeps we did found default passwords on almost every vendor-supplied piece of gear - HVAC modules and monitors, vendor-supplied PCs for monitoring, and even (vendor) Windows servers. (Honeywell, I'm looking at you.)

    One of the rules we have as a department policy is "no default or vendor-assigned passwords."  This caused some momentary friction with the copier-lease vendor who uses 12345678 for every password, but we triumphed.

    Really? They could not even be bothered to add 9 to the end.

    OH - it is often so much worse - Often these systems limit you to 8 character passwords.

    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down

  • Man... he really missed a golden opportunity to print some pretty hilarious or obscene stuff and instead chose to ask people to subscribe to his favorite YouTuber's channel.... At first I was impressed but now I'm just sad.

    Spice (16) flagReport
    Was this post helpful? thumb_up thumb_down

  • KeePass v2 (or the like) is your friend.... we use randomly generated passwords for all systems now, and have a shared KeePass file for things like printers or switches that our IT department is in charge of. Yes, it is inconvenient if you're constantly logging into devices across the enterprise, but hardly inconvenient enough to leave them as defaults. :-)

    Spice (17) flagReport
    3 found this helpful thumb_up thumb_down

  • WeirdFish wrote:

    Robert5205 wrote:

    One of the rules we have as a department policy is "no default or vendor-assigned passwords."  This caused some momentary friction with the copier-lease vendor who uses 12345678 for every password, but we triumphed.

    My previous employer exactly.

    Every leased MFP in the district had 12345.  It's astonishing that no student had taken advantage of this before I left.  I'd changed the passwords in one building because of this and yes, that created a lot of tension with the lessor.  I ended up losing that battle.


    Spice (42) flagReport
    2 found this helpful thumb_up thumb_down

  • dimforest wrote:

    Man... he really missed a golden opportunity to print some pretty hilarious or obscene stuff and instead chose to ask people to subscribe to his favorite YouTuber's channel.... At first I was impressed but now I'm just sad.

    There's an on going rally to keep him #1 most subscribed channel on youtube as an Indian Media company is on his tail to take the title any moment,

    Spice (6) flagReport
    1 of 2 found this helpful thumb_up thumb_down

  • Had similar issues w copier vendors. They can't be bothered to send people who understand the basics of anything let alone adding a field to the work order that has the passwords for the devices ...

    I change them all the time and they change them back

    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down

  • bucko wrote:

    The Repairatrooper wrote:

    I am continually amazed how many people, including IT workers, cannot be bothered to put a password on the admin account of the embedded system of a printer.

    I have a feeling that 99% of printers in enterprise environment have no passwords set and from that 1% probably 3/4 of them have passwords that noone can remember...

    Maybe no one can remember it, but it's secure lol

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down

  • This is the reason my printers are in a VLAN that can only be accessed by IT work stations and the print server....  As far as my printers know, there are 4 computers in the entire universe. Printers can't be trusted.  

    Spice (39) flagReport
    3 found this helpful thumb_up thumb_down

  • What an interesting strategy that is! And, with 50,000 printers hacked with that message... I suppose it goes to show that PewDiePie is a bit more popular than I thought.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down

  • the attack was probably just a raw print to the  9100 port.

    https://hacking-printers.net/wiki/index.php/Port_9100_printing

    Spice (6) flagReport
    1 found this helpful thumb_up thumb_down

  • And of course, it has to be for one of the most obnoxious people on YouTube. If this guy gets caught, he'll have a lot of toner and paper to pay for. According to the FCC, spammers have to pay for unsolicited faxes. While different, I think the same principle would apply.

    Spice (7) flagReport
    Was this post helpful? thumb_up thumb_down

  • dimforest wrote:

    Man... he really missed a golden opportunity to print some pretty hilarious or obscene stuff and instead chose to ask people to subscribe to his favorite YouTuber's channel.... At first I was impressed but now I'm just sad.

    Don't worry - this sort of thing has been going on for 20 years already; I expect in 20 years, if we still have trees to make paper, it will still be happening.

    Spice (8) flagReport
    Was this post helpful? thumb_up thumb_down

  • With badly configured LOB hosted software.  Had one that required opening internet facing ports for IPP directly to the printers.  The only defense against anything like this happening?  Different network ports being used.  Thankfully, I don't work for that company anymore.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down

  • Man, advertising really is everywhere now, to the point they'll print it directly to your company. I can't wait for the day I dream about Light Speed Briefs. 

    Spice (8) flagReport
    Was this post helpful? thumb_up thumb_down

  • WeirdFish wrote:

    Robert5205 wrote:

    One of the rules we have as a department policy is "no default or vendor-assigned passwords."  This caused some momentary friction with the copier-lease vendor who uses 12345678 for every password, but we triumphed.

    My previous employer exactly.

    Every leased MFP in the district had 12345.  It's astonishing that no student had taken advantage of this before I left.  I'd changed the passwords in one building because of this and yes, that created a lot of tension with the lessor.  I ended up losing that battle.

    How?  My printer repairmen can't remember the default passwords and always have to ask me to log them in.

    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down

  • olivierst-pierre wrote:

    the attack was probably just a raw print to the  9100 port.

    https://hacking-printers.net/wiki/index.php/Port_9100_printing

    Port 9100 isn't open by default, even on consumer firewalls that you find in telco & cable modems.  It appears to be limited to those users who configured their printers to call the manufacturer, so I suspect the printers themselves weren't hacked but the manufacturer web-sites were.

    Spice (5) flagReport
    2 found this helpful thumb_up thumb_down

  • The Repairatrooper wrote:

    I am continually amazed how many people, including IT workers, cannot be bothered to put a password on the admin account of the embedded system of a printer.

    Oh you mean like every single Ricoh I have ever worked on since ever .... always the same username and password?? May as well be as easy to access as the old Linksys routers!

    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down

  • Sorry, but exploiting unchanged factory default settings does not impress me. The fact that people connect them directly to the Internet, even less so.

    The only thing that "amazes" me is that such fundamental fails are so common.

    Spice (7) flagReport
    Was this post helpful? thumb_up thumb_down

  • Interesting, this is probably a result of the new "meme" that's developed because of the sub race between pewdiepie and t-series. Probably some teen somewhere who thought it'd be funny.  

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down

  • Xerox is 1111

    I used to do this when i hacked i mean tested random wifi access points, print a nice hello message!

    tee hee!

    Spice (6) flagReport
    Was this post helpful? thumb_up thumb_down

  • The Repairatrooper wrote:

    I am continually amazed how many people, including IT workers, cannot be bothered to put a password on the admin account of the embedded system of a printer.

    We have a password on ours now. Our previous printers had a default password which wasn't a good thing. At least this guy was being nice about it and just trying to educate people.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down

  • I would have printed something like, "Help me! I'm stuck in here!"

    Spice (8) flagReport
    Was this post helpful? thumb_up thumb_down
  • Spice (19) flagReport
    Was this post helpful? thumb_up thumb_down

  • deanmoncaster wrote:

    Xerox is 1111

    I used to do this when i hacked i mean tested random wifi access points, print a nice hello message!

    tee hee!

    Sometimes this is the password.  Sometimes it's the admin account ID.  Sometimes you just need this; sometimes you need "admin" as well.  Maddening.

    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down

  • I wonder if they just spammed a web print domain, I have always thought that would be easy to do.

    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down

  • Eric M wrote:

    This is the reason my printers are in a VLAN that can only be accessed by IT work stations and the print server....  As far as my printers know, there are 4 computers in the entire universe. Printers can't be trusted.  

    That is an excellent strategy!!

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down

  • Pretty sure I just got click-baited.

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down

  • Amontillado wrote:

    Pretty sure I just got click-baited.

    "This computer hack will amaze you. Doctors hate it!"

    Spice (11) flagReport
    Was this post helpful? thumb_up thumb_down

  • Eric M wrote:

    This is the reason my printers are in a VLAN that can only be accessed by IT work stations and the print server....  As far as my printers know, there are 4 computers in the entire universe. Printers can't be trusted.  

    That's brilliant!

    I've got all my IP based security cameras & door control devices on one VLAN, switches & wifi access points on one, staff access on one and student access on another, but honestly I'd never thought of sticking printers on their own.

    A few years ago some kids pulled a really lame senior prank, and in the process one of the "smart kids" thought he'd "hack" the security cameras...somehow....to disrupt the network so the network between the cameras and the NVR would be disrupted.  Because I'm not dumb and compartmentalized and firewalled, all he managed to do is "borrow" a school laptop, which connected him to just the student access network...and accomplish nothing. 

    I don't think we ever told him.  The prank itself was harmless and approved by an admin. But we did have some pretty awesome footage of them trying to be stealthy and talking about how the cameras were down.

    Spice (5) flagReport
    1 found this helpful thumb_up thumb_down

  • Probably less of a hack and more taking advantage of publically exposed printers.  There are of 60K HPOfficeJet also exposed https://www.shodan.io/search?query=HP+OfficeJet

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down

  • Printers can be a huge security risk, unless properly secured.  

    Was this post helpful? thumb_up thumb_down

  • Dang.  Just dang...

    Was this post helpful? thumb_up thumb_down

  • Not cool.. I might just go sub T-Series out of spite.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down

  • I had a printer tech whisper to me the default password for a xerox machine.  He whispered.

    Spice (11) flagReport
    Was this post helpful? thumb_up thumb_down

  • About 10 years ago, I tried to change the default password of a consumer grade wireless router and got an error that said the password must be 10 characters in length and contain the characters 12345abcde.

    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down
lock

This topic has been locked by an administrator and is no longer open for commenting.

To continue this discussion, please ask a new question.

Read these next...

  • Snap! Win 8.1, hybrid IT models, robo-fish, Jovian Vortex Hunters, & more

    Snap! Win 8.1, hybrid IT models, robo-fish, Jovian Vortex Hunters, & more

    Spiceworks Originals

    Your daily dose of tech news, in brief. Welcome to Friday! It has been a big week here as we launched Spiceworks News & Insights a few days ago. Do you know who else had their sights set high? Kenneth Arnold. On June 24, 1947, civilian pilot Ken...

  • Chrome is a memory hog?

    Chrome is a memory hog?

    Windows

    I have a win 10 pro machine with 21H2.Running chrome  102.0.5005.115.  I will open a bunch of tabs during the day (right now, 49).  And including other things that are running, there's 80% of the 12GB of RAM in the box.I've noticed that when I go into ...

  • When you are just starting out

    When you are just starting out

    IT & Tech Careers

    HI Spiceworld,I was reading some discussions around the community and I see that here it’s like we’re all part of a family, so I venture to open this discussion, hoping that you can help me/understand me or at least bring your experiences. I am a c...

  • Spark! Pro Series - June 24th 2022

    Spark! Pro Series - June 24th 2022

    Water Cooler

    Compulsion: 1: a very strong urge to do something He felt a compulsion to say something. 2: a force that makes someone do something She was acting under compulsion. 3: an act or the state of forcing an action They ...

  • Sublets and the Network

    Sublets and the Network

    Networking

    I have a situation where one of the offices is looking to sublet for 1 day a week. They want one port to put their firewall/router on and drive their network from there. My first notion is to say no and require them to pull in their own connection. I want...