Hundreds of Brother Printers Exposed Online

NewSky Security researcher Ankit Anubhav discovered approximately 700 Brother printers unsecured and exposed to the internet. Using Shodan, a publicly available internet-of-things (IoT) search engine, NJCCIC analysts determined that this exposure impacts some organizations within New Jersey. Several of these printers’ administrative panels are remotely accessible over TCP ports 80 and 443 and either use default login credentials – or do not require login credentials at all – to view or modify settings. These printers also have several ports open including TCP port 21 (FTP) and TCP port 23 (Telnet) creating additional opportunities for unauthorized access into both the device and the organization’s network. This access allows a remote actor to do the following: view the device status, printer model, serial number, MAC address, firmware version, ink levels, and network configuration; update firmware; enable proxies; change administrator passwords; modify sound volume, contact information, device status, time, and date; create a self-signed certificate and private key; and even upload documents and send jobs to the printer. Exposed printers include Brother models HL-L2360D, MFC- J470DW, MFC-J480DW, MFC-J485DW, MFC-J440DW, MFC-7360N, MFC-9330CDW, MFC-9970CDW and one SATO CL4NX printer. The NJCCIC recommends organizations using internet-enabled printers isolate them from the public internet, change the default password to the administrative control panel, close all unnecessary ports and services, whitelist IP addresses/IP subnets or require a VPN to access the local network, and keep all firmware updated.