Did you know your printer could be hacked?

Printers can be used by hackers as easy routes onto your home and office networks if they are left unsecured. And printers are frequently left unsecured because many people are unaware they can be hacked.

In 2018, supporters of YouTube star PewDiePie dramatically hacked more than 50,000 printers in an attempt to prevent the YouTuber’s number one ranking being overtaken by rival YouTube star T-Series.

Printers around the world began spewing out calls to action to unfollow T-Series and follow PewDiePie. Soon, a hacker was claiming responsibility for finding the 50,000 printers with unsecured network connections, taking them over and using them to print the pro-PewDiePie flyers.

How was a mass printer cyberattack possible?

Essential security of networked devices is often overlooked in busy office environments, especially where there isn’t IT support based onsite. Printers are often added to the company network without changes to the factory settings – leaving them vulnerable to an attack such as that carried out in the name of PewDiePie.

With increasing numbers of people working from home, the problem of unsecured network devices is growing. How many of us have changed the security settings of our own home printers? Have you?

If not, you are not alone.

Widespread printer vulnerability

In the summer of 2020, a group of ethical hackers from the CyberNews group decided to see whether the PewDiePie experience had changed people’s behaviours and made people more aware of cyber security for their printers.

Using a search engine called Shodan, a tool used by both security researchers and cyber criminals to identify at-risk devices, the CyberNews researchers identified more than 800,000 at-risk printers. Each of these printers was vulnerable to cyberattack.

To highlight the vulnerability to the printers’ unsuspecting owners, the researchers randomly selected 50,000 machines and sent a script that would print off a five-page guide on printer security. Around 28,000 printers duly rattled off the PDF. Fifty-six percent of the sample of printers had been successfully hijacked.

Luckily, in this “attack” the attackers wanted nothing more than to highlight the dangers of unsecured network devices. But the warning was clear: few people had learned the lessons of the PewDiePie exploit and many printers remain unsecured.

Unfortunately, the problem of unsecured network devices is only likely to grow in coming years as increasing numbers of IoT devices are added to networks. Researchers have already identified at-risk surveillance cameras, alarm systems and solar devices – to name but a few.

So, if you haven’t yet secured your own printer, it might be a good idea to make that job one of your 2021 new year resolutions.