Home Cybersecurity Nearly A Million Printers At Risk Of Attack, Thousands Hacked To Prove It
Nearly A Million Printers At Risk Of Attack, Thousands Hacked To Prove It

Nearly A Million Printers At Risk Of Attack, Thousands Hacked To Prove It


Roughly 28,000 printers recently gave their owners an unexpected lesson in cybersecurity. Seemingly unprompted, the printers whirred to life and produced a 5-step guide to keeping hackers at bay.

Start a Homeland Security degree at American Military University.

“This printer has been hacked,” the message began ominously. Fortunately for the “victims” it was a group of ethical hackers behind the attack. A team of researchers from CyberNews was out to remind the public about the potential peril of connected devices.

To get the ball rolling, the team scoured the globe for printers that were vulnerable. They found more than 800,000 in total using a search engine called Shodan.

Shodan is a tool that’s leaned on by both security researchers and cyber criminals. In the past it’s been used to identify thousands of at-risk surveillance camerassecurity alarm systems and hundreds of wind turbines and solar devices.

And yes, Shodan has also been used to pinpoint tens of thousands of vulnerable networked printers. In 2018 someone hijacked around 50,000 printers and forced them to print documents voicing support for controversial YouTuber PewDiePie.

It was the sort of incident that can serve as a much-needed wake-up call. Given what the CyberNews team discovered, the problem was largely ignored.

Its researchers selected a sample of 50,000 printers based on their location, the brand and which protocols were left exposed to the Internet. The next step was to develop the actual “attack.”

The team created a “custom script that was specifically designed to only target the printing process, without gaining access to any other features or data stored on the printers.” As the script cycled through the list, 27,944 printers happily printed out a PDF guide on printer security.

As CyberNews points out that’s a hit rate of 56%. Across the entire list of 800,000-plus vulnerable devices located by Shodan that works out to around 447,000 that could have been successfully hijacked.

“These numbers speak volumes about the general lack of protection of networked devices worldwide,” concludes the CyberNews report.

It shows more than just a glimpse into the staggering number of at-risk devices. It also reveals just how hard it is to convince people of the associated risks.

When the hacker behind the 2018 PewDiePie incident scanned for printers with Shodan the result was almost identical — reportedly 800,000 exposed. Two years later little — if anything — has changed.

It’s entirely possible that many of the 2018 victims simply saw an odd document on their printers, crumpled it up and tossed it thinking that someone else at the office printed something by mistake.

Hopefully the results will be different this time around. The message on the CyberNews prints is clear enough…as long as those who received it take the time to read it.

Those who don’t may learn the hard way that malicious hackers may not stop at printing out random (or even offensive) documents. They may use access to printers to gain a foothold on a network and launch more sophisticated attacks.


This article was written by Lee Mathews from Forbes and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to legal@industrydive.com.



Online Degrees & Certificates In Cybersecurity

American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.

Request Information

Please complete this form and we’ll contact you with more information about AMU. All fields except phone are required.

Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Ready to apply? Start your application today.

We value your privacy.

By submitting this form, you agree to receive emails, texts, and phone calls and messages from American Public University System, Inc. which includes American Military University (AMU) and American Public University (APU), its affiliates, and representatives. I understand that this consent is not a condition of enrollment or purchase.

You may withdraw your consent at any time. Please refer to our privacy policy, terms, or contact us for more details.