A few days ago, a bored hacker known as TheHackerGiraffe achieved widespread notoriety for exploiting vulnerabilities in security protocols for internet-connected devices and thus hacking into 50,000 exposed printers as part of the “Save PewDiePie” campaign. At a time when PewDiePie — the world’s most famous YouTube channel with more than 19 billion views over five years — is set to be upstaged by Indian music production channel T-series, the lessons learned from the hack could have major implications beyond the world of casual hacking and gamer culture.
In a Twitter thread, TheHackerGiraffe explained that while looking at ways to canvass support for PewDiePie (without the streamer’s knowledge or permission), he decided to carry out a guerilla printing campaign using vulnerable internet-connected printers. What happened next could potentially hold great significance both for internet user habits and for cryptocurrency holders and investors.
Hacking Printers Using Shodan
According to the hacker, he decided to search for vulnerable printers on Shodan, a search engine built specifically to find internet-connected devices. This search, to his amazement, turned up 800,000 results. Taking a sample of 50,000 printers from the list running on a specific port, what he did next was locate a tool that would allow him to connect with printers on that port and print. He found one such tool called PRET, and in the thread, he described his shock at discovering what PRET would allow him do.
“PRET had the scariest of features. Ability to access files, damage the printer, access the internal network; things that could really cause damage. So I had to do this, to at least help organisations and people that can protect themselves.”
The result was that with less than 30 minutes of relatively low-level hacking, he was able to commandeer 50,000 printers and use them to print a message in support of PewDiePie.
— Bobby Thousandaire (@Hlt_tm) November 27, 2018
Implications for Crypto Holders
The major takeaway from the incident from a cryptocurrency security standpoint is that printing bitcoin wallet recovery seeds from a networked printer may be an incredibly risky activity. Though not the case in this specific incident, the process of hacking an internet-connected printer could involve stealing files stored on the printer’s internal memory, which may include past or pending print jobs. Theoretically, this could give a hacker access to a user’s bitcoin wallet if the recovery seed print file was present on the device’s memory.
It also reinforces the importance of good security practices when dealing with digital copies of paper wallets. Such copies should ideally not be saved on networked devices including printers, mobile phones, and computers because that potentially exposes them to hackers. In the event that paper wallets are printed, this should ideally be done on a non-networked printer which preferably has never been connected to a network previously and does not retain copies of print jobs on its internal memory.
Featured Image from Wikimedia Commons