Spammers can deliver to your printer
A paper by Aaron Weaver describes how a web browser can be fooled into connecting to a printer and sending a print job from a crafted HTML page. Networked printers listen on a known port (9100). Once a connection is made, the printer attempts to print any data it has received as soon as the connection is terminated. The most basic example of this attack uses an <img> tag, e.g. <img src="myprinter:9100/Printed_from_the_web">, where myprinter is the IP address of the local printer. This causes the transaction headers of a GET request to be printed once the browser's request has timed out for lack of the expected response from the printer. Although this qualifies as a proof of concept, the "user data" (here "Printed_from_the_web") is URL-encoded, so unless it is trivial it will probably be somewhat unreadable.
However, Weaver also offers a more functional technique: an HTML form that uses the POST method. For example:
<FORM ACTION='HTTP://YOURPRINTER:9100' ID='MSGFORM' ENCTYPE='MULTIPART/FORM-DATA' METHOD='POST'>
<TEXTAREA NAME='MSG' ID='MSG' WRAP='NONE' ROWS='50' COLS='100'>
TESTING THIS PRINTER OUT.
</TEXTAREA><INPUT TYPE=SUBMIT VALUE=SUBMIT></FORM>
The fundamental problem is a complete lack of security on most printers: a permanently open port, normally with no authentication. The only hurdle faced by an attacker is determining the printer's IP address. However, a script that iterates over candidate addresses is hardly challenging to create, and, particularly for printers on home networks, the printer address is unlikely to be difficult or slow to find: it is most likely in the bottom 16 addresses of the 192.168.0.0 private block.
To protect against such attacks, Weaver suggests setting an admin password on the printer and, ideally, piping all print jobs via a trusted print server. However, neither of these options is generally available to the home user. Because the technique is so simple, and the ideal vector for its distribution would be iframe injection into the pages of unsecured legitimate web sites, consumer-oriented printer spam may become commonplace in the future.
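A trusted print server of the kind suggested above can refuse raw jobs that are really browser requests, since both the <img> and form variants arrive on port 9100 as an HTTP request line followed by headers. The sketch below is an added example, not code from Weaver's paper; the function name inspect_raw_job, the sample addresses and the sample jobs are constructed for illustration, and it assumes the filter sees the start of each job before forwarding it.

```python
import re

# HTTP/1.x request line, as a browser would send it to the raw print port.
REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|OPTIONS) (\S+) HTTP/1\.[01]\r?\n")

def inspect_raw_job(data: bytes) -> dict:
    """Classify the start of a raw (port 9100) job before it is forwarded."""
    m = REQUEST_LINE.match(data)
    if not m:
        # Real jobs start with printer language (PJL, PCL, PostScript), not HTTP.
        return {"verdict": "forward", "reasons": []}
    reasons = [f"HTTP request line: {m.group(1).decode()} "
               f"{m.group(2).decode(errors='replace')}"]
    # Parse the header block only; the body is the text that would be printed.
    head = data.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    headers = {}
    for line in head.split(b"\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Referer/Origin identify the page that triggered the request (useful for logs).
    for name in (b"referer", b"origin"):
        if name in headers:
            reasons.append(f"{name.decode()}: {headers[name].decode(errors='replace')}")
    if headers.get(b"content-type", b"").lower().startswith(b"multipart/form-data"):
        reasons.append("multipart/form-data body (HTML form POST)")
    return {"verdict": "drop", "reasons": reasons}

# Constructed samples: the <img> GET, the form POST, and an ordinary PJL job.
IMG_GET = (b"GET /Printed_from_the_web HTTP/1.1\r\nHost: 192.168.0.10:9100\r\n"
           b"Referer: http://example.test/page.html\r\n\r\n")
FORM_POST = (b"POST / HTTP/1.1\r\nHost: 192.168.0.10:9100\r\n"
             b"Origin: http://example.test\r\n"
             b"Content-Type: multipart/form-data; boundary=----x\r\n\r\n"
             b"------x\r\nContent-Disposition: form-data; name=\"MSG\"\r\n\r\n"
             b"TESTING THIS PRINTER OUT.\r\n------x--\r\n")
PJL_JOB = b"\x1b%-12345X@PJL JOB NAME=\"report\"\r\n@PJL ENTER LANGUAGE=PCL\r\n"

if __name__ == "__main__":
    for label, sample in [("img GET", IMG_GET), ("form POST", FORM_POST),
                          ("PJL job", PJL_JOB)]:
        print(label, inspect_raw_job(sample))
```

The reasons list doubles as a log record: the Referer or Origin value names the web page that carried the injected tag or form.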
- CROSS SITE PRINTING - Printer Spamming, paper by Aaron Weaver