Can Spam Invade Your Printer?

Printer spamming? You've got to be joking, right? Maybe not. According to a report by Aaron Weaver entitled Cross Site Printing, this could soon become a reality and the vehicle of delivery would be none other than your web browser. By utilizing specially crafted JavaScript, an attacker could potentially send data to a printer located on a victim's internal network. This could be exploited for several reasons, the most obvious being spam. The possibilities are endless, and somewhat frightening. Just imagine going to the printer to pick up an important document and finding a stack of advertisements for the latest anti-aging cream!

The report also hints that exploiting port 9100, which most network printers listen on, through your browser could allow an attacker to remotely send out faxes. Although there have been no reports of printer spam actually occurring in the field, Weaver has made it clear that the potential definitely exists. Two remedies he recommends are always having an administrator password assigned to your printer and configuring your printer to only accept jobs from a centralized server.