The ongoing battle between T-Series and PewDiePie has helped expose the vulnerabilities of internet-connected printers to hacking. Following the incidents in which PewDiePie’s fans hacked thousands of printers around the globe to gather support for their “Subscribe to PewDiePie” campaign, printer companies have apparently come forward to inform users about security measures they can take to avoid such hacks in the future.
T-Series and PewDiePie: Why were printers hacked?
Since the battle between T-Series and PewDiePie heated up, printers have been hacked twice.
The first hack came last month when several users reported getting unsolicited printouts saying, “PewDiePie, the currently most subscribed to channel on YouTube, is at stake of losing his position as the number one position by an Indian company called T-Series that simply uploads videos of Bollywood trailers and campaigns.”
Here’s an image of the full print-out:
@grandayy @DolanDark @pewdiepie ok so basically a printer at a friend’s workplace got hacked. not complaining pic.twitter.com/DcNGrKlbXj
— apex | IG @bobbywainwright (@apex2504) November 27, 2018
The person who claimed responsibility for the hack said it was carried out to raise awareness about printer security. Further, the hacker said they used the open network port available on the printers to carry out the hack. The hacker also revealed that they used a tool called PRET to hack about 50,000 printers.
Spread the word with your friends about printers and printer security! This is actually a scary matter. Will tweet everything about this entire #pewdiepie hack later to explain to everyone exactly what went down. Also @pewdiepie please notice me
— TheHackerGiraffe ? (@HackerGiraffe) November 30, 2018
The second hack came about two weeks ago, but this time, the hackers claimed to have the power to destroy the printers as well. Except for the threat to destroy the printers, the second hack was the same as the first one calling on users to improve their online security.
“We really want people to pay attention to this because causing physical damage is very much a possibility,” one hacker told the BBC.
The hacker explained that printers’ firmware could be used to continuously push data onto their chips, which have a “limited lifetime of ‘writes.’” So if the printer is kept busy for too long, the chip may “fry,” and the printer won’t work.
While the first hack affected about 50,000 machines, the second one claimed to have printed messages in support of PewDiePie on over 100,000 machines. Although the BBC wasn’t able to confirm this claim, people from countries around the world, including Argentina, Spain, Australia, the U.K., the U.S. and Chile, posted pictures of the print-outs.
HP recommends security settings
It appears that the claimed awareness campaign by the hackers regarding online security worked. According to some users, HP is now informing them about settings which can help them avoid such attacks in the future. One tweet spotted by PiunikaWeb highlights a setting HP is informing users about.
Printer companies are taking the #pewdiepie Printer Hack seriously – check out the @HP driver download site help #security #hacking #databreach pic.twitter.com/5dkU13a0Se
— Eric Crump (@MrEricCrump) December 27, 2018
HP’s support page entitled “HP Printers – Minimum security settings for products on the open Internet” informs users about basic security settings. On the page, HP explains that in order to facilitate installation for users, it doesn’t configure its printers when they are shipped. However, the company also warns that printers which aren’t configured properly might be vulnerable to hacking.
“HP strongly recommends configuring minimum security settings for all HP printers to eliminate the majority of security exposures,” the company says on its support page.
What’s interesting to note is that one of the recommended settings from HP calls for disabling the port 9100. It’s the same port one of the hackers involved in the PewDiePie campaign used. It is not known if HP added this security setting after the revelation from the hacker, but it is good to see the company coming forward to make users aware of settings they can use to prevent hacks.
New service to hack printers
A week after the first hack when over 50,000 printers were hacked, a new service was launched. The service claimed to offer a similar marketing campaign but for anyone. In other words, the service offered to hack printers to promote any product or service, reports ZDNet.
This new service, which used the name “Printer Advertising,” claimed it could hack printers worldwide and print any message on them. The service also promoted itself by sending flyers to everyone’s printers. Andrew Morris, founder of the cyber-security company GreyNoise Intelligence, was among the first to spot this new “service.”
.@GreyNoiseIO just detected someone (specifically 194.36.173[.]50) spraying the entire Internet with print commands for this document advertising a world-wide printing service, similar to HackerGiraffe’s PewDiePie printer hack and Weev’s swastika printer hack. pic.twitter.com/Ge0kebMzI7
— Andrew Morris (@Andrew___Morris) December 2, 2018
The person who claims to be behind the Printer Advertising service told ZDNet that he had long been considering offering such a service, but “the PewDiePie hack certainly helped motivate [him] a bit.” Further, he said that his service doesn’t rely on the PRET toolkit used by the PewDiePie fan to hack printers. He feels the toolkit is slow and can “overcomplicate things.”
Instead, he uses his “own highly scalable golang printer daemon.” Printer Advertising did not answer when asked about if what he is doing is legal.
