Researchers warn of Consequences from ‘Printjack’ Printer attacks

Spread the love

A team of Italian researchers has compiled a set of three attacks called ‘Printjack’ Printer attacks,’ warning users of the significant consequences of over-trusting their printer.

Researchers warn of Consequences from ‘Printjack’ Printer attacks

The attacks include recruiting the printers in DDoS swarms, imposing a paper DoS state, and performing privacy breaches.

As the researchers point out, modern printers are still vulnerable to elementary flaws and lag behind other IoT and electronic devices that are starting to conform with cybersecurity and data privacy requirements.
New Linux malware hides in cron jobs with invalid dates

By evaluating the attack potential and the risk levels, the researchers found non-compliance with GDPR requirements and the ISO/IEC 27005:2018 (framework for managing cyber-risks).

This lack of in-built security is particularly problematic when considering how omnipresent printers are, being deployed in critical environments, companies, and organizations of all sizes.
Finding exploitable printers

A paper titled ‘You Overtrust Your Printer’ by Giampaolo Bella and Pietro Biondi explains how Shodan was used to scan European countries for devices with a publicly accessible TCP port 9100, typically used for raw TCP/IP printing jobs.

This search resulted in tens of thousands of IPs responding to the port query, with Germany, Russia, France, Netherlands, and the UK having the most exposed devices.

While port 9100 can be configured for other jobs besides printing, it’s the default port for that service, so most of these results are likely related to printing.

The first type of Printjack attack is to recruit the printer in a DDoS swarm, and threat actors can do this by exploiting a known RCE vulnerability with a publicly available PoC.

The researchers use CVE-2014-3741 as an example but underline that at least a few dozen other vulnerabilities are available in the MITRE database.

Considering that there are 50,000 exposed devices in the top ten EU countries alone, putting in the effort to recruit them for DDoS attacks isn’t unlikely at all.

Read the Full Article on the Consequences from ‘Printjack’ Printer attacks here at the Bleeping Computer.