Researchers at Rapid7 have found many vulnerabilities in a range of printers. Brother has stated that one vulnerability cannot be patched for their affected machines but they do have a workaround. Other manufacturers printers have also been impacted, these include Ricoh, Toshiba, Fujifilm and Konica Minolta. The impact for the number of printers from these other manufacturers are far less than those impacting Brother devices.
2 Likes
Sure but users can presumably mitigate fairly easily:
- Don’t set up a printer even accessible to the internet unless you really, really need to do so, and
- Always change the password as one of the first things that you do.
It’s great that default passwords are not just a fixed string these days but you should still change the password as part of the initial setup.
This is due to the discovery of the default password generation procedure used by Brother devices.
That isn’t really the problem though. This is just a failed attempt at security-through-obscurity. Security should never rely on the algorithm or code being secret.
As an aside, if the serial numbers are issued sequentially then it isn’t really great to base any algorithm on the premise that the serial number is a secret.
2 Likes