Hackers Compromised Printers & Spam Print Commands

Using the idea of cross-site scripting with which attackers insert malicious code onto web pages that people view, they are now injecting malicious spam messages into printers of website visitors, according to Aaron Weaver, a security researcher. InformationWeek published this in news on January 10, 2008.

Weaver explained that spammers launch the attack using a concealed iFrame, a code block introduced to a web page and hosted on a domain other than that of the web page, and an online form that allows the spam message into the printer. The attackers are also faxing spam messages from printers equipped with that facility.

The ultimate result boils down to receiving and sending spam to a website visitor's printer while the victim remains completely unaware. Since no security system exists on most printers, it becomes easy for remote attackers to control a victim's printer, print any content through it, alter the print configurations, and even fax any material from it, said Weaver.

A cross-site attack on a printer works only if the victim visits either an infected website or a genuine page that is impaired with a cross-site scripting vulnerability, a common error on web programming. The hacker then inserts a JavaScript code onto the affected browser that through trial and error determines the hijacked printer's location allowing the hacker to send a print command.

The security of printers has been security professionals' subject of discussion for years. Way back in 1999, a similar procedure hacked a printer of Space and Naval Warfare Systems Command that enabled an attacker to reprogram the routing tables for other equipment on the network and send print commands to a Russian server.

The XSS attack on printers is further possible as most browsers usually connect their service to the printer's networking port to seek printing jobs. Thus, attackers can use browsers as the starting point to connect to an otherwise impossible point to access, a printer on the LAN.

Hence, security researchers advise users to create an administrator password to lock their printers when not in use and restrict access to them only from specified server/s.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 1/23/2008