Published in News

Printers expose passwords online

by on06 October 2017


Oh Brother

A security researcher has found nearly 700 Brother printers left exposed online, allowing access to the password reset function to anyone who knows what to look for.

Ankit Anubhav, Principal Researcher at NewSky Security said the printers offer full access to their administration panel over the Internet.

According to Bleeping Computer https://www.bleepingcomputer.com/news/security/hundreds-of-printers-expose-backend-panels-and-password-reset-functions-online/ a wide range of Brother printer models, such as DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510 have the issue.

The cause of all these exposures is Brother's choice of shipping the printers with no admin password. Most organizations most likely connected the printers to their networks without realizing the admin panel was present and wide open to connections.

These printers are now easy discoverable via IoT search engines like Shodan or Censys.

Organisations running Brother printers should verify if the printer exposes the administration panel by default online, and/or set a custom password to prevent unauthorised access to the device.

 

Last modified on 06 October 2017
Rate this item
(0 votes)

Read more about: