View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Is it a Giraffe? Is it a Robot? Regardless, it’s a Printer Security Wake-up Call

Printers remain a security soft spot...

By CBR Staff Writer

Perhaps taking an ink-soaked page from the HackerGiraffe – a hacker who made insecure printers around the world print out promotional material for a Youtuber – the online training platform Skillbox is hijacking printers to promote a design course.

Skillbot is using Shodan, a search engine that helps you find devices connected to the internet. The company is connecting to printers through the 9100 port. Once their bot has found an insecure printer on Shodan it forces the device to print out its message.

Purporting to be from a robot, this states: “<To human it may concern> You are in the risk group. It’s 94% likely that by 2024 I will replace millions of accountants, auditors and financial analysts, no matter how experienced or talented ‘they’ may be; The same fate will befall all professions based on structured and algorithmic processes.”

See also: The Future is AI – But Not Quite Yet…

It goes on to read that only eight percent of graphic designers will be replace by bots in 2024. Now that the receiver is set up the ‘bot’ suggests that they have analysed the data and “Find it beneficial for you to complete a design course from Michael Janda.”

Dmitry Krutov, CEO, Skillbox, says that it isn’t about just promoting a class: “We want to prevent mass unemployment that will arise as a result of advancing technology.”

He added: “Everyone deserves a job that will realize their full potential and help them achieve success. That’s why it is important now to start thinking about the job you will have in the next 5 to 10 years.”

Printer Security Goes Overlooked

The commandeering of printers by Skillbox is similar to an advertising hack pushed by the HackerGiraffe last year when they made 50,000 printers – also discovered on Shodan – print out material promoting the YouTube channel of videogamer PewDiePie.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The lesson for enterprises, as before, is to ensure your security policy covers devices at the periphery of your network. As HP has noted, fewer than half of people say their business’ security policy includes the security of network-connected printers.

As HP’s Paul McKiernan noted in an earlier guest post for Computer Business Review: “If a company buys 200 new laptops, IT may handle the onboarding and security processes, while a fleet of printers will most likely fall under the office management team’s remit. Serious BIOS, firmware, and runtime intrusion protection at the memory level gets overlooked, while blanket, band aid security software fails to adequately protect. The result is poor protection ripe for exploitation by highly-capable bad actors.”

He added: “IT must ensure security policies are extended to every single device that touches the network, including those oft-forgotten printers. In line with that, businesses need to develop a wide-reaching security programme, owned and managed by the IT team, which includes all endpoint devices within a business – the number of which will surely only grow, as advances such as wearable tech becomes more mainstream.”

See Also: EU Unveils Intelligent Transport Plans: Industry Blasts Wi-Fi Standard

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.