Possibly Thousands of Exposed Brother Printers Online

Security researcher Ankit Anubhav, principal researcher at NewSky Security, has discovered a bunch of Brother printers exposed online. Anyone can access the administration panel of those exposed Brother printers and take control of them.

Anubhav disclosed the issue to Bleeping Computer.

“Accessing a few random URLs, Bleeping has discovered a wide range of Brother printer models, such as DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510, just to name a few,” states Bleeping Computer.

Bleeping Computer also forwarded the list to the popular researcher Victor Gevers, who will notify the affected organizations once he has analyzed it.

Many of the exposed Brother printers were still on factory settings, and Brother ships those printers with no admin password.

As a test, we went on Shodan, looked up Brother and narrowed it down to New York, which resulted in 90 exposed Brother printers.


We contacted the university immediately and we are working on advising other affected companies, universities, and government agencies!

How bad could this be?

A “funny” attacker could change those printers’ passwords.

A “not-so-funny” attacker could deliver tainted firmware, causing printers to send copies of printed documents to an attacker’s server.

What to do?

Change your default printer password to prevent unauthorized access and please, limit accessibility!

Be quick. You don’t want to be the next Deloitte.

Mohamad El Hout, MBA, M.Eng., CISSP

Mohamad is an entrepreneur and a Senior Security Consultant dealing with the design and delivery of standard and complex security gateway solutions, covering a wide range of cutting edge technologies. His interests include business, technology, leadership, sports, and the continuous pursuit of knowledge.
