For a while I worked as a system administrator on call in various companies. Nothing happens – I sit at home and wait for a call. The work is good, not complicated. One fine day I am called into the office with a rather interesting problem.
According to the girls who worked in the office, they have a big problem with the printer. Every weekend, when there are only two people left in the office, it starts printing by itself. The black-and-white images are not very decent. And there is nothing they can do about it, except to disconnect the device from the network. But you can’t turn it off, because this printer also performed the functions of a fax, which the director of the organization used out of old habit.
Later in the conversation it turned out that two weeks ago a friend from the neighboring office came to them and asked to borrow 50 sheets of paper. The girls were forced to refuse, since they only had half a pack left, and the working day was still ahead. The man left very dissatisfied, because he had previously helped them with computers. And after that the printer started to act up. By the way, the friend from the neighboring office had some kind of small office related to software development.
Here everything immediately fell into place – the MFP (printer, scanner, copier + fax) was connected via Wi-Fi. Apparently, the husband decided to take revenge on them by sending a bunch of pages with unpleasant content to print. The problem, it would seem, is not worth the trouble – to change all accesses and passwords related to Wi-Fi. Which I did, so with a calm soul I declared that the problem was fixed and the printer would no longer print unnecessary things.
But the next weekend the situation repeated itself. I started Googling on forums and realized that the printer firmware allowed for a Wi-Fi Direct connection (from device to device) and had no protection. I won't write the MFP model here so as not to be anti-advertising – it was a long time ago.
The printer was connected to a Wi-Fi router, but this did not prevent me from establishing a Peer-to-Peer connection with it in a way unknown to me. Apparently, that's why the developer was more aware. Although I changed all possible printer settings again, the problem recurred. I managed to find a small log in the firmware, from which I understood that the process was launched from a smartphone.
The person apparently drives up to the office specifically, connects to the printer, and prints this nonsense.
What did I do?
Unfortunately, a vengeful friend took advantage of a vulnerability in the printer's firmware and there was nothing much to do. The settings inside were very limited – nothing could be fixed or changed. All that remained was to wait for a new version of the software: on one English-language forum I found information that a bug report had already been sent to the developers, and users were waiting for a firmware update for this device. Under certain conditions, it was possible to access any printer with this firmware via Wi-Fi. What did I do?
I had to connect the printer to the Wi-Fi router the old-fashioned way with a regular cable. Also, just in case, I reduced the power of the internal office Wi-Fi transmitter and set a very complex password so that this friend wouldn't crack it. These are the strange people that can be.
Share