Thousands of Publicly Accessible Printers Searchable On Google

Jeremiah Cornelius writes "Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."

How did this happen?

[countach]

Excuse my ignorance, but how does this happen? Big companies have firewalls and NAT, and everyday people have wi-fi routers and NAT. What sort of people have big swarths of IP address space, but no clue how to manage it?

Re:Insert Cheese

[JamesTRexx]

Did this at the previous company I worked for as a 1st of April joke. Nobody had any clue as to how I did that. *lmao*

Or maybe I should have been worried about why nobody had the knowledge about these exploits...

3D

[WrecklessSandwich]

I can't wait for networked 3D printers to become commonplace. See also: http://www.smbc-comics.com/index.php?db=comics&id=2851 [smbc-comics.com]

Re:Imagine...

[black3d]

Back in the early days of the web when I used to port-sniff for fun, I discovered an FTP enabled printer with an upload to print function so threw "The Complete Works of William Shakespeare" up into it to see what happened. Of course, the file disappeared after a few minutes so I really have no idea, but to this day I wonder if I perhaps unfortunately used up someone's paper. :\

Re:How did this happen?

[Changa_MC]

I have 1024 public IPs, and I'm the only one who does anything with them: we won't have a network person until the hiring freeze is lifted (read: never).
There' was no NAT here, because that's not part of the IPv4 specs, and didn't even exist when this place was setup.

I've setup basic NAT, my wireless users are on it, and a few desktops, but I can't move everyone onto it because some directors like to print from home to work, and some people require access to a router-to-router VPN to another site that only works if you have a public IP address. I'd love to get a better handle on how access tables on these routers work, but if I did that I'd have to take time away from my day job, and really who wants to get yelled at for working harder?

I have no idea what I'm doing, but I can put anything I want on a public IP because there's literally no-one more knowledgeable to stop me. And I'm not gonna touch those printers because they're on a different subnet from my servers now, so screw it, they're literally not my job to secure.

They've been like that for 20+ years, how bad can it be?

Re:already used for spam...

[Anonymous Coward]

What I loved were the printers at all three of the colleges I went to all had complicated systems set up so that they could charge you to print on the printers. However, open up wireshark and in less than a second, you would receive a couple hundred packets from printers advertizing themselves. And it wasn't just student printers either; the very printers they were charging us to print from availible for free and letting everybody know.