PewDiePie Hackers Hijack Printers Again
Printers around the world appear to have been hijacked again to print a message urging recipients to subscribe to a popular YouTube vlogger and to improve their cybersecurity.
Those behind the attack are thought to be the same ones that managed to get a message in support of social media star PewDiePie printed out on 50,000 machines last month.
It’s claimed the latest attack has forced print-outs on double that number, with users in the UK, US, Argentina, Spain, Australia and elsewhere taking to social media to post pictures.
This time there appears to be a bigger message to users: protect your printers.
The original hacker told the BBC that by exploiting printer flaws he could capture and modify sensitive documents as they are printed, and force data to be written to the machine’s processor.
“These chips have a limited lifetime of writes. If you keep the loop on enough, the chip will fry and the printer will no longer function,” he told the broadcaster.
"I've been trying to show that 'hacking' isn't a game or toy, it can have serious real-life consequences. We really want people to pay attention to this because causing physical damage is very much a possibility."
Bob Reny, EMEA CTO at ForeScout, warned organizations to gain control of the situation.
“The first step is to audit your environment. Does your printer need access to the internet? No, it usually only needs local connection to workstations that need to print,” he argued.
“Second, overlay control. Don’t allow your IoT to beacon to the internet and advertise their services. Be more intelligent as to what the IoT device is doing and only allow those specific tasks to be done.”
IT departments should also apply roles to network access, he said.
“Do I have a good audit for all my printers and what services they need to run? How do my clients interact with printers?” explained Reny. “The key is to ensure that no device is doing more on the network than they should be doing, and there are a range of technologies available to help firms address that at a very reasonable cost.”
Source: Information Security Magazine