Security researcher Aaron Weaver claims visiting a random Web site could send unwanted print requests to your nearest office printer.In a paper published in November (PDF), and cited on Wednesday in a blog by Jeremiah Grossman of White Hat Security, Weaver demonstrates the code necessary for sending a formatted page to a remote network printer, and, in an another example, to an intranet addressable fax machine.

Since most network printers are behind the corporate firewall and therefore don’t have security enabled, Weaver says that a simple iframe added to an Internet Web site could cause an internal network printer to start printing remotely. The attack is derived from techniques employed within a project called hacking network printers by Adrian "Irongeek" Crenshaw. Weaver notes that most network printers listen on port 9100 and that you can telnet to port 9100, type text, and, once you disconnect, the text will print remotely. That’s fine, but he ventures further that network printers also accept PostScript and Printer Control language (PCL) code as well, which creates more interesting printouts. Remote printer spam made easy | Defense in Depth - computer security, hacking, crime, viruses - CNET News.com

Technorati Tags: printer spam