Perhaps taking an ink-soaked page from the HackerGiraffe – a hacker who made insecure printers around the world print out promotional material for a YouTuber – the online training platform Skillbox is hijacking printers to promote a design course.
Skillbox is using Shodan, a search engine that helps you find devices connected to the internet. The company is connecting to printers through port 9100. Once its bot has found an insecure printer on Shodan, it forces the device to print out its message.
Purporting to be from a robot, this states: “<To human it may concern> You are in the risk group. It’s 94% likely that by 2024 I will replace millions of accountants, auditors and financial analysts, no matter how experienced or talented ‘they’ may be; The same fate will befall all professions based on structured and algorithmic processes.”
It goes on to say that only eight percent of graphic designers will be replaced by bots in 2024. Now that the receiver is set up, the ‘bot’ suggests that it has analysed the data and “Find it beneficial for you to complete a design course from Michael Janda.”
Dmitry Krutov, CEO, Skillbox, says that it isn’t about just promoting a class: “We want to prevent mass unemployment that will arise as a result of advancing technology.”
He added: “Everyone deserves a job that will realize their full potential and help them achieve success. That’s why it is important now to start thinking about the job you will have in the next 5 to 10 years.”
Printer Security Goes Overlooked
The commandeering of printers by Skillbox is similar to an advertising hack pushed by the HackerGiraffe last year when they made 50,000 printers – also discovered on Shodan – print out material promoting the YouTube channel of videogamer PewDiePie.
The lesson for enterprises, as before, is to ensure your security policy covers devices at the periphery of your network. As HP has noted, fewer than half of people say their business’ security policy includes the security of network-connected printers.
As HP’s Paul McKiernan noted in an earlier guest post for Computer Business Review: “If a company buys 200 new laptops, IT may handle the onboarding and security processes, while a fleet of printers will most likely fall under the office management team’s remit. Serious BIOS, firmware, and runtime intrusion protection at the memory level gets overlooked, while blanket, band aid security software fails to adequately protect. The result is poor protection ripe for exploitation by highly-capable bad actors.”
He added: “IT must ensure security policies are extended to every single device that touches the network, including those oft-forgotten printers. In line with that, businesses need to develop a wide-reaching security programme, owned and managed by the IT team, which includes all endpoint devices within a business – the number of which will surely only grow, as advances such as wearable tech become more mainstream.”
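One way to check a perimeter policy for the port 9100 exposure described above, as an added example that is not from the article or from HP. It assumes the firewall is Linux netfilter with rules exported in iptables-save syntax; the function names and the sample ruleset are constructed for illustration.

```python
import ipaddress
import shlex

RAW_PRINT_PORT = 9100  # port the article says the bot connects to

# Constructed sample in iptables-save rule syntax; not from any real network.
SAMPLE_RULES = """\
-A FORWARD -s 10.20.0.0/16 -p tcp -m tcp --dport 9100 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 9100 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 515,631,9000:9200 -j ACCEPT
-A FORWARD -s 0.0.0.0/0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 9100 -j DROP
-A FORWARD ! -s 10.20.0.0/16 -p tcp -m tcp --dport 9100 -j ACCEPT
"""


def covers_port(spec, port):
    """True if a --dport/--dports value such as '515,9000:9200' includes port."""
    for part in spec.split(","):
        low, sep, high = part.partition(":")
        first = int(low) if low else 0
        last = (int(high) if high else 65535) if sep else first
        if first <= port <= last:
            return True
    return False


def source_is_open(source):
    """True if the rule has no source match or the match is a /0 network."""
    if source is None:
        return True
    return ipaddress.ip_network(source, strict=False).prefixlen == 0


def audit_print_rules(ruleset, port=RAW_PRINT_PORT):
    """Return (exposed, review): line numbers of ACCEPT rules that open `port`
    to any source, and of rules using '!' negation, which need a manual look."""
    exposed, review = [], []
    for number, line in enumerate(ruleset.splitlines(), start=1):
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "-A":
            continue
        # Pair each option with the token that follows it.
        opts = dict(zip(tokens, tokens[1:]))
        spec = opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") != "ACCEPT" or not spec or not covers_port(spec, port):
            continue
        if "!" in tokens:
            review.append(number)
        elif opts.get("-p") == "tcp" and source_is_open(opts.get("-s")):
            exposed.append(number)
    return exposed, review
```

The audit ignores rule order, so an ACCEPT that an earlier DROP already masks is still reported; that errs on the side of review.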