Slashdot Mirror


Hundreds of Printers Expose Backend Panels and Password Reset Functions Online (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: A security researcher has found nearly 700 Brother printers left exposed online, allowing access to the password reset function to anyone who knows what to look for. Discovered by Ankit Anubhav, Principal Researcher at NewSky Security, the printers offer full access to their administration panel over the Internet. Anubhav has provided Bleeping Computer with a list of exposed printers. Accessing a few random URLs, Bleeping has discovered a wide range of Brother printer models, such as DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510, just to name a few. The cause of all these exposures is Brother's choice of shipping the printers with no admin password. Most organizations most likely connected the printers to their networks without realizing the admin panel was present and wide open to connections. These printers are now easily discoverable via IoT search engines like Shodan or Censys.

7 of 61 comments

  1. Connected Directly to the Internet? by nsuccorso · · Score: 3, Interesting

    Do the printers have to be connected to routable IPs and have the admin ports wide open? Who connects their printer to the public internet? Or is there something more sinister involved?

    1. Re:Connected Directly to the Internet? by Anonymous Coward · · Score: 3, Informative

      My former employer is a great example of publicly accessible printers. Multiple arguments (not disagreements... straight up arguments) with my manager at how absurd this was all so "a few people might need to print something from home and have it on their desk at work". No VPN. No locking down the printers to be only accessible from our subnet even. Plain ole HP 4250's exposed to the world with original firmware.

      The best part was when 6 months after I gave up on arguing, we started getting printer spammed and all eyes were on me as though my mentioning it could happen automatically made me at fault.

      "Hey what about icebergs?"

      This of course was the local university where everyone bends over backwards to anyone with a PhD because they always know better.

      Best career move I could make was leaving the Titanic.edu!

    2. Re:Connected Directly to the Internet? by FictionPimp · · Score: 2

      Exactly what I was thinking. Who the hell lets inbound unsolicited connections into their network?

    3. Re:Connected Directly to the Internet? by Tarlus · · Score: 3, Informative

      I've come into numerous environments throughout my career that had a multitude of printers set up on public IP's, no firewall, and in numerous cases, with the default admin password. No valid reason for doing so. Just a lack of proper management.

      --
      /* No Comment */
    4. Re:Connected Directly to the Internet? by lhowaf · · Score: 2

      Equifax?

    5. Re:Connected Directly to the Internet? by EvilSS · · Score: 2

      Exactly what I was thinking. Who the hell lets inbound unsolicited connections into their network?

      Way more people than anyone who knows better would believe. Just look at all of the security camera hacks from the past few years. Almost all of those involve people exposing their devices (like security cameras) to the internet via port forwarding so they can remotely access them. The same people who don't know to set a damn password (or reset the default) on those devices. All it usually takes is some port scanning or even just a little google-fu to find them.

      --
      I browse on +1 so AC's need not respond, I won't see it.
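The fix several commenters describe (admin panel, IPP, raw print and SNMP reachable only from the local subnet, nothing forwarded in from the WAN) can be expressed as a small nftables ruleset on the gateway that fronts the printers. The POSIX shell script below is an added example, not code from the thread or from Brother; it generates that ruleset from a LAN CIDR and a list of printer addresses. The LAN 10.0.0.0/24 and printer addresses 192.0.2.10 and 192.0.2.11 are constructed sample values, and the port list (80/443 web admin, 631 IPP, 9100 raw print, 161 SNMP) is an assumption about which services a typical network printer exposes.

```shell
#!/bin/sh
# Generate an nftables ruleset that restricts printer management traffic to the LAN.
# Added example; assumes a Linux gateway with nftables forwarding traffic to a printer
# segment. Port list is an assumption about typical printer services.

MGMT_TCP_PORTS="80, 443, 631, 9100"   # web admin panel (HTTP/HTTPS), IPP, raw print
MGMT_UDP_PORTS="161"                  # SNMP (default community strings are another classic exposure)

# Usage: generate_printer_rules <lan_cidr> <printer_ip> [<printer_ip> ...]
# Prints the ruleset on stdout; returns 1 on bad input.
generate_printer_rules() {
    lan_cidr="$1"; shift
    [ "$#" -ge 1 ] || { echo "need at least one printer address" >&2; return 1; }
    elements=""
    for ip in "$@"; do
        # Minimal sanity check: only dotted-quad characters allowed, non-empty.
        case "$ip" in
            ""|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
        elements="${elements:+$elements, }$ip"
    done
    cat <<EOF
table inet printer_guard {
    set printers {
        type ipv4_addr
        elements = { $elements }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        ct state established,related accept
        # Management and print ports: allow only from the internal subnet ...
        ip saddr $lan_cidr ip daddr @printers tcp dport { $MGMT_TCP_PORTS } accept
        ip saddr $lan_cidr ip daddr @printers udp dport { $MGMT_UDP_PORTS } accept
        # ... and drop the same ports from everywhere else (incl. any WAN port-forward).
        ip daddr @printers tcp dport { $MGMT_TCP_PORTS } drop
        ip daddr @printers udp dport { $MGMT_UDP_PORTS } drop
    }
}
EOF
}
```

Source the script, run `generate_printer_rules 10.0.0.0/24 192.0.2.10 192.0.2.11 > printer_guard.nft`, review the output, then load it with `nft -f printer_guard.nft`. The explicit drop lines matter because a port-forward on the gateway would otherwise still deliver WAN traffic to the printers; the accept line for the LAN comes first so staff on the internal subnet keep printing.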
  2. PC LOAD LETTER by Anonymous Coward · · Score: 2, Funny

    PRESS ANY KEY