Hundreds of Printers Expose Backend Panels and Password Reset Functions Online (bleepingcomputer.com), 2017-10-05
Catalin Cimpanu, writing for BleepingComputer: A security researcher has found nearly 700 Brother printers left exposed online, allowing access to the password reset function to anyone who knows what to look for. Discovered by Ankit Anubhav, Principal Researcher at NewSky Security, the printers offer full access to their administration panel over the Internet. Anubhav has provided Bleeping Computer with a list of exposed printers. Accessing a few random URLs, Bleeping has discovered a wide range of Brother printer models, such as DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510, just to name a few. The cause of all these exposures is Brother's choice of shipping the printers with no admin password. Most organizations most likely connected the printers to their networks without realizing the admin panel was present and wide open to connections. These printers are now easily discoverable via IoT search engines like Shodan or Censys.
Connected Directly to the Internet? (Score:3)
Re: (Score:3, Informative)
My former employer is a great example of publicly accessible printers. Multiple arguments (not disagreements... straight up arguments) with my manager about how absurd this was, all so "a few people might need to print something from home and have it on their desk at work". No VPN. No locking down the printers to be only accessible from our subnet even. Plain ole HP 4250s exposed to the world with original firmware.
The best part was when 6 months after i gave up on arguing, we started getting printer spamm
Re: (Score:2)
Exactly what I was thinking. Who the hell lets inbound unsolicited connections into their network?
Re: (Score:2)
Exactly what I was thinking. Who the hell lets inbound unsolicited connections into their network?
Way more people than anyone who knows better would believe. Just look at all of the security camera hacks from the past few years. Almost all of those involve people exposing their devices (like security cameras) to the internet via port forwarding so they can remotely access them. The same people who don't know to set a damn password (or reset the default) on those devices. All it usually takes is some port scanning or even just a little google-fu to find them.
Re: (Score:3)
I've come into numerous environments throughout my career that had a multitude of printers set up on public IPs, no firewall, and in numerous cases, with the default admin password. No valid reason for doing so. Just a lack of proper management.
Re: (Score:1)
Vintage IOT, enjoy!
Re: (Score:2)
Re: (Score:2)
Not necessarily. If these printers are factory configured to use UPnP and their edge firewalls allow it, these printers could punch their way out even if they were on a network with private IP space.
I'd bet that many of these printers are on small business DSL or cable connections that come with a pool of public addresses and these folks just connected directly to the Internet. No firewall, no security.
Re: (Score:2)
I've found copiers online like this (Score:2)
It was some years back, but I believe I signed into the first one, looked in the address book on it, and emailed a few of the folks who were listed to say "Hey, I got your address from a copier in your office that's exposed to the Internet. Please pass along to your IT folks to fix that."
don't need no password to just print to them! (Score:2)
don't need no password to just print to them! and yes, there are some with a public IP
I still have a working 4000 with JetDirect card (Score:2)
I still have a working 4000 with JetDirect card. No, it's not online, and it is only turned on when I need to print.
Brother (Score:2)
Consistently the worst brand of printers I have to deal with. When clients ask me for a printer recommendation, the short answer is "anything other than Brother".