It wasn’t enough to infiltrate your computers with Trojans, disable your website with denial of service attacks, and completely crash your hard drive with worms. Now hackers want your printers too – via the intranet.

 

According to an article in Dark Reading (see The Coolest Hacks of 2007 – Part II), a new breed of nefarious loner has figured out a way to hack your intranet and assume control of your printer. Not only does the infectious script come in through the intranet and take over network printers, the attackers then start wasting reams of paper by print spamming – or, if it’s also a fax machine, faxing names in your databank!

"Printer spam isn’t something you worry about every day, but one researcher has released a proof of concept for a printer hack using JavaScript that lets an attacker remotely "own" an intranet printer for spamming or other nefarious purposes. (See The Five Coolest Hacks of 2007.)

 

"This kind of added insult to injury: We saw that intranet hacking was possible, and now [attackers] can go after printers to make them perform printer-spamming," says Jeremiah Grossman, CTO of WhiteHat Security, who has done some intranet hacking research of his own.

 

The attack requires that a user visit a malicious Website that contains the "bad" JavaScript. Then the attacker can use an HTTP Post command to print to the victim's internal networked printer, and even send faxes. "Since most printers don’t have any security set, it is possible to print anything, control the printer, change the print settings and even send faxes," Weaver writes in his paper on the hack."

Intranet hackers want to hijack your printer

 

1- Stay clear of untrustworthy, unknown sites – particularly amateurish geek-type sites. Merely visiting a web page with the infectious JavaScript is enough to hand an attacker control of the printer.

2- Set an administrator password on your printer so that only those with the password can take charge of it.

3- Consider setting up restricted access to the printer so that it only accepts print jobs from a designated print server.
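As an added illustration of tip 3 and of the HTTP Post behaviour quoted above (this is not code from Weaver's paper or from Dark Reading), the sketch below triages incoming jobs the way a filtering print server could: it rejects anything that does not come from the designated print server and separately flags jobs whose first bytes are an HTTP request, recording the referring page when the browser supplied one. The addresses, host names and sample jobs are constructed, and it assumes the filter can see each job's source address and first bytes.

```python
import ipaddress
import re

# Assumption: the one host allowed to submit jobs (tip 3). Constructed address.
PRINT_SERVER = ipaddress.ip_address("10.0.0.5")

# A browser POSTing straight at a printer sends its HTTP request line and
# headers as the first bytes of the "job", which PostScript or PJL jobs do not.
HTTP_REQUEST_LINE = re.compile(rb"^(?:POST|GET|PUT|OPTIONS) \S+ HTTP/1\.[01]\r?\n")
REFERRING_PAGE = re.compile(rb"^(?:Referer|Origin):[ \t]*(\S+)", re.I | re.M)


def classify_job(source_ip, first_bytes):
    """Return (verdict, referring_page) for one incoming job."""
    if HTTP_REQUEST_LINE.match(first_bytes):
        hit = REFERRING_PAGE.search(first_bytes)
        page = hit.group(1).decode("ascii", "replace") if hit else None
        return ("deny-http", page)
    if ipaddress.ip_address(source_ip) != PRINT_SERVER:
        return ("deny-source", None)
    return ("allow", None)


# Constructed sample jobs: (source address, first bytes received).
SAMPLE_JOBS = [
    ("10.0.0.5", b"%!PS-Adobe-3.0\n%%Title: quarterly report\n"),
    ("10.0.3.17", b"POST / HTTP/1.1\r\nHost: printer.corp.example\r\n"
                  b"Referer: http://bad.example/page.html\r\n\r\nBUY NOW"),
    ("10.0.3.22", b"\x1b%-12345X@PJL JOB\r\n"),
]


def triage(jobs):
    """Return only the jobs to block, each with its reason and referring page."""
    blocked = []
    for source_ip, first_bytes in jobs:
        verdict, page = classify_job(source_ip, first_bytes)
        if verdict != "allow":
            blocked.append((source_ip, verdict, page))
    return blocked


if __name__ == "__main__":
    for row in triage(SAMPLE_JOBS):
        print(row)
```

The referring page captured for a `deny-http` job is the lead to follow up on: it names the site that served the script to the workstation.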

 
