Why Your Printer Just Spat Out Gibberish (Port Scanning Edition)
- October 5, 2023
It seems like printers have forever been the bane of our existence, giving us headaches from indecipherable messages, pc load letter, to phantom paper jams.
I once had a printer that took any print request and squared the number of copies you wanted — asking for 2 copies yielded 4, and strap in if you requested 4, because you’d get 16!
But have you ever experienced your printer spontaneously churning out gibberish, or printing something without you even pressing a button? If you’re curious about why your printer may have gone rogue, keep reading.
It began with a simple task: to identify open ports and services running on a local network featuring a network printer. So, I fired up PortDroid and initiated a port scan. PortDroid is typically used for network analysis, security checks, and troubleshooting. PortDroid can scan ranges of ports and identify which are open and what services they run.
The Quirky Outcome
To my surprise, the printer sprang to life and started printing out the HTTP requests it was sent. Why did this happen? Printers typically listen to port 9100 for print jobs. However, it seems some are configured to treat data received as if they were print jobs. The outcome: the printer treats the HTTP requests as text files and prints them out without question.
This occurs because PortDroid performs ‘HTTP scanning’ and ‘banner grabbing’ on ports to determine if they are serving HTTP or HTTPS and to try to determine what versions of software are running.
The Implications While this is humorous and relatively harmless, it also poses potential security risks. An attacker could flood a printer with data, wasting ink and paper, and essentially rendering it useless. Moreover, a compromised printer could potentially act as an entry point to an internal network, depending on its configuration.
Tip Set up authentication (username and password) on your printer so that unauthorized people and programs cannot use it. It can also be worthwhile disabling services and ports on your printer that you do not need.
PortDroid to the Rescue
PortDroid’s feature-rich set, including Traceroute, Ping, Port Scanner, and Certificate Viewer, can be used to better understand your network and its vulnerabilities. The latest version even includes IPv6 support for most of its features. Whether you’re a security expert or just a curious individual, PortDroid can be your Swiss Army knife for network analysis.
For added protection banner grabbing and HTTP scanning on port 9100 have been disabled in PortDroid to avoid printing gibberish on networks you scan. If needed you can completely disable Banner grabbing and HTTP scanning in the settings as shown below:
Secure Your Printer: Add Authentication
As amusing or startling as it may be to find your printer acting on its own, this scenario actually points to a security vulnerability. It is advisable to add authentication to your printer to mitigate such risks. Many modern printers come with built-in settings to enforce user authentication before proceeding with print jobs. This feature can act as a barrier, preventing unauthorized commands from being executed. Even for simple tasks like port scanning, authentication would require the scanner to pass credentials, adding an extra layer of security to your device.
So, next time you decide to use PortDroid or any other network analysis tool, consider the quirks that come with scanning different types of devices. Always remember to act responsibly and ethically, particularly in a professional setting. This incident with the printer may be funny, but it’s also a reminder of the unpredictable nature of networked devices and the importance of security awareness.
P.S. For anyone interested in experimenting further with printers, I recommend checking out the Printer Exploitation Toolkit (PRET)