iPulse uncovers one of the largest hacking attempts against individuals around the world and how it is being handled.
Imagine waking up in the morning to find multiple print outs in front of your printer. This may be normal as one may have forgotten to remove their document from the previous day. Now imagine that the print outs display hacking information and a code that signifies the printer’s entrance into a network known as the “flaming bot-net.”
A recent iPulse investigation found that thousands of homes and business printers worldwide are open to public access, meaning that an individual’s personal information could easily be exposed without their knowledge, or the knowledge of the company they subscribe to. In today’s era of constant connectivity, virtually anyone has at least one device containing their personal information connected to the Internet.
According to Statista, 270.3 million people in the United States use the Internet today. For each individual or company that has Internet within their building, they need a modem, or a small box used to convert the wired signal coming in to the building into an Internet connection.
Through this investigation, reporters uncovered that many Internet providers, some being the largest in their country, leave their clients’ connected devices wide open for public access. Reporters began this investigation close to home, using a South Florida Internet service provider, Hotwire Communications.
A Google search was performed for a list of IP addresses, also known as a digital caller ID, for each client’s Internet connection allocated to Hotwire in the South Florida area. As it turns out, nearly every IP address within this block owned by Hotwire Communications, which maintains its services primarily throughout New Jersey, Pennsylvania, Georgia and Florida, could then be used to find out whether or not the user has a printer connected to their network and is powered on. As this investigation tested, hundreds of printers were found to be readily available in the homes of citizens of all ages, ranging from community town homes to individual households around the South Florida area.
The investigation then pursued an attempt to access one of these Internet connected printers, which happened to be an HP printer (with permission of an identified customer), to see just how easy it may be to penetrate their home network through a basic printer in their home. Within two minutes, from a remote location, investigators were able to send a print job to their printer without any password or authentication taking place. The user confirmed that the print job printed instantly.
One may ponder how this can be possible. But since the introduction of network printers around 15 years ago, companies such as HP, Canon, Brother and Epson, have all programmed their network printers to use a specific port to communicate with the computer, preventing other Internet connected devices, such as a router or iPhone, from interfering with it. Each type of Internet connected device around the world has its own port and printers dedicated to port 9100.
Using a search engine program similar to Google, investigators were able to perform a search of any printer left open to the Internet simply by using port 9100. After accessing the printer without a password, peeking into the networks these printers were connected to was visible as well.
How could it be legal for an Internet service provider to leave their clients’ devices exposed to the world? iPulse reporters reached out to Paul Shalita, a retired superior court judge familiar with the looming issues in information technology security.
“The law in [cyber security] is developing,” he said. “What is going on in the field of cyber security is what can or cannot be used in court. [I]t is generally accepted scientifically that communications can be intercepted and that those communications can then be copied. The question today is what the limits are on how information can be taken and how they may be used for or against an individual.”
Reporters also reached out to Hotwire Communications to see what they had to say about this potential security loophole in their network, which covers homes and businesses in many Florida communities. After about 30 attempts for contact, representatives immediately denied having anything wrong with their network and said that they could no longer answer any more questions after reporters identified themselves.
In the later part of this investigation, reporters decided to uncover how many devices around the world may be left open to anyone, at anytime. Using the same software and methods as earlier, reporters were able to print to an open printer in Greece.
Luckily, no large scale attacks have occurred to any of these devices around the world, but in a similar investigation uncovered by an unnamed teenager in the United Kingdom, one print command was sent to more than 150,000 printers around the world.
The similar investigation printed out messages with a friendly note, letting the owners of these printers know that their devices are left open to the world, before a big attack is likely to occur.
“[S]tackoverflowin has returned to his glory, your printer is part of a flaming bot-net,” the print out read, using the pseudonym “stackoverflowin,” along with a Twitter handle and email address to contact them at. “Your printer has been owned,” the message continued.
Some of the owners affected took to social media to share this bizarre event. “I am honestly just impressed with these printer hacks more than anything,” said Faith Kennedy, one of the many who received the printout. “Thanks for entertaining me during my double shift.”
“I never meant for it to get this big to be honest,” said the hacker who sent the messages to news sources. “When it came back that 158,000 [printers] were replying, I was stunned. I did not think it would get this much attention either.”
The hacker noted that his or her intention was to send a warning to each printer connected to the “flaming bot-net” network. He or she asked receivers of the print out to fix their devices before a true attack occurs.
As for our investigation, Hotwire Communications said that they do offer a firewall service to protect their customers and their Internet connected devices, but that it is a service they charge $5.99 a month for. iPulse felt the need to uncover these issues as more and more devices are connected to home and business networks, allowing for potential pathways into the digital roadways of everyday lives.
As the world of the Internet and of connected devices continues to grow, many technologists emphasize the importance to secure devices before large scale attacks occur, with the potential to breach data around the world in a multitude of industries.