A battle for who owns the YouTube crown for top channel has been waged over the past few months between fans of Swedish video game commentary celebrity Felix “PewDiePie” Kjellberg and of the Bollywood label T-Series.
This is getting serious: It’s one thing when a fan launches a PewDiePie “Bro Army,” structured to recruit members’ friends and family in order to keep PewDiePie at the top, replete with “Privates” and “Corporals.”
But now, the printers are in on it. As The Verge reports, somebody hacked printers worldwide to print pro-PewDiePie propaganda.
Here are some Tweets showing the messages the printers were forced to spit out:
So this just randomly printed on one of our work printers. I think @pewdiepie has hacked our systems. https://t.co/wSG9cprJ4s
Dr.Moxmo (@Dr_Moxmo) November 29, 2018
@grandayy @DolanDark @pewdiepie ok so basically a printer at a friend’s workplace got hacked. not complaining https://t.co/DcNGrKlbXj
apex | IG @bobbywainwright (@apex2504) November 27, 2018
The printers were indeed hacked, but it’s not the vlogger who’s behind it. Rather, responsibility has been claimed by somebody who says they were doing it after 1) getting bored playing Destiny 2 for four straight hours and then 2) screwing around with Shodan to see what mischief they could get up to.
Here’s the tale, told by @HackerGiraffe:
Here is how the entire #pewdiepie printer hack went down:
1. I was bored after playing Destiny 2 for a continous 4… twitter.com/i/web/status/1…
TheHackerGiraffe (@HackerGiraffe) December 01, 2018
As we’ve reported in the past, the security of networked office printers is pretty squishy.
For example, in February 2017, German researchers reported that they’d found several ways to exploit access to networked printers through RAW printing on port 9100.
Popularized by HP’s JetDirect in the 1990s, port 9100 was configured for remote maintenance by admins, although it can also be used to print. Other examples of direct access include the Internet Printing Protocol on port 631 and the old Unix Line Printer Daemon (LDP) on port 515.
After they learned about those three printing protocols, TheHackerGiraffe says they searched for the protocols on Shodan: the search engine for exposed devices and databases. The port 9100 vulnerability is found on hundreds of thousands of printers worldwide, leading the hacker to hit the Shodan jackpot:
3. I was horrified to see over 800,000 results show up in total. I was baffled, but determined to try and fix this.… twitter.com/i/web/status/1…
TheHackerGiraffe (@HackerGiraffe) December 01, 2018
From there, TheHackerGiraffe decided to print a message in support of “our dear overlord @pewdiepie himself!”
The hacker claims that they used a tool called PRET – the Printer Exploitation Toolkit – that, according to its GitHub page, allows attackers to “captur[e] or manipulat[e] print jobs, [to access] the printer’s file system and memory or even caus[e] physical damage to the device.”
The hacker said the stunt wasn’t meant maliciously. Rather, it was done to bring people’s attention to printers’ vulnerability:
@thefreeman28989 @pewdiepie Your printer is exposed. I’m trying to warn you to close it, how else am I gonna get your attention?
TheHackerGiraffe (@HackerGiraffe) November 29, 2018
As of Friday, The Verge was looking for proof that TheHackerGiraffe was behind the attack. The news outlet quoted the hacker, who said that first off, the attack could have done serious damage. Second, they’d pulled it off in a mere half hour, start to finish:
People underestimate how easy a malicious hacker could have used a vulnerability like this to cause major havoc. Hackers could have stolen files, installed malware, caused physical damage to the printers and even use the printer as a foothold into the inner network.
The most horrifying part is: I never considered hacking printers before, the whole learning, downloading and scripting process took no more than 30 minutes.
TheHackerGiraffe certainly wasn’t the first to discover the vulnerability, and they weren’t the first to hack thousands of printers to get the point across. In February 2017, a hacker called Stackoverflowin caused 150,000 printers worldwide to cough up this message:
Stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned, everyone likes a meme, fix your bulls***… For the love of God, please close this port, skid.
Over the next 24 hours, tweaks of that same message spewed out of printers made by manufacturers including HP, Brother, Dell, Canon, Samsung, Epson, Lexmark, Oki and Ricoh.
Is your printer potentially a pro-PewDiePie platform?
As we said with regards to the “please close this port, for the love of God” attack, every printer is different. Here are some ways to button up some of the vulnerable ones:
- The affected printers in the 2017 attack were all networked models, potentially including wireless models.
- Printers with built-in management can be vulnerable if they can be accessed remotely, so make sure to change the default password.
- Make sure your firewall is properly configured.
- Don’t leave your printer switched on if you’re not using it.
Printers aren’t just passive boxes. If they’re hooked to the network, they can be put to work shilling for whatever favorite cause a bored gamer who plays around with Shodan decides on. Worse still, they can be damaged.
Don’t let your office workhorse become collateral damage in the Bollywood-PewDiePie dance-off… or any other weirdness the internet coughs up!