• Bleepingcomputer: Nearly 700 Brother printers left exposed online

    #135546

    Another article by Catalin Cimpanu (October 5th, 2017) for bleepingcomputer.com, warns of a problem with security of internet-connected Brother printe
    [See the full post at: Bleepingcomputer: Nearly 700 Brother printers left exposed online]

    2 users thanked author for this post.
    • #135594

      I have a Brother printer.  It, two computers, and a Roku box are connected wirelessly to my Wi-Fi router.  By typing the web address assigned to the printer by my router into the address box of my computer I can access information about the Brother printer.  Some of the information is available without any user name or password.  General setup and administrator settings require a user name and password.  However, the default user name and password can be easily guessed.

      I will be changing the password to something more secure.

      Thanks for the heads-up.

    • #135595

      Try as I might, I can’t see any need for an online printer. They are a huge vulnerability on your network. If you need to be able to print remotely, then connect it properly through your network, so that it will be secure. Or set up your email client to print the attachment under certain conditions, such as a keyword that you include in the subject line.

      There is a huge push to get EVERYTHING online; but there isn’t much push to get it online in a secure way. A lot of regular non-IT folks are falling into this trap in a big way.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      6 users thanked author for this post.
      • #135702

        For a family, do not forget sneakernet often works very well.

    • #135690

      “Brother” is the brand name in this particular headline, but it’s not the only printer that’s cloud-integrated. We have a few years old HP Envy model, for example, that connects to our wifi and thus the world.

      The attraction to just plugging a printer into the wall and being able to print from your devices is obvious – ease of setup, flexibility of use… All good, right?

      It’s easy to fail to think about what’s involved with accomplishing that… What has to be done in order to change a printer from a dumb, dedicated device hooked to a parallel port to a network-aware appliance? And what CAN be done by the device after you do that?

      Let us not forget that to even get a network-enabled printer to connect to your wifi in the first place you must give it some security information about your network. You do remember entering the wifi information, including password, to get it to connect, right?

      Did you really think about TRUSTING the company that made it with that information?

      It’s really a mystery what it does online. It doesn’t put up a status describing its activities. HP is probably not abusing the information, but we can’t know.

      And it DOES do things online! That’s obvious even by basic observation. Not only are there “Apps” on the front panel, but late at night its lights sometimes come on; it occasionally emits little sounds and moves its parts implying reboots and who knows what.

      These are the web servers I’ve seen it attempt to contact:

      h10141.www1.hp.com
      h20591.www2.hp.com
      h20593.www2.hp.com
      h20629.www2.hp.com
      registration.hpeprint.com
      whp-hou9.cold.extweb.hp.com
      xmpp003.hpeprint.com
      

      Watching its DNS activity, it’s clear it’s attempting such communications virtually ALL THE TIME. On another front, not long ago right here on AskWoody we heard of a firmware update that would break its ability to print with non-HP cartridges. Now imagine what that means… Here you have a device inside your network that can update its own software to do things it never did before.

      The point is that it’s “just a wifi printer”, yet it DOES go online, all by itself, and we aren’t given information as to what it’s doing. Does it have a microphone? Camera? Does it inform online servers of the contents of the documents we print? It’s not easy to tell! And – notably – it DOESN’T offer any ability to configure it NOT to go online!

      Beyond going online… My firewall catches it trying to make connections to my other computer systems on the LAN. Wait, what? Yes, you read that right, not only are the computer systems and other devices connecting to the printer (presumably to be ready to print), but the printer is trying to initiate port 5357 “Web Services For Devices” and other Windows networking connections (UDP port 57007 anyone?) to the computer systems! The cart is before the horse!

      Since having stopped ours from resolving DNS names quite a while ago I’ve noticed it’s become a little better behaved. I haven’t seen it reboot itself since then, for example. Even so, it has maintained a relentless campaign to contact its mothership, “xmpp003.hpeprint.com”, ever since. Such attempts occur every minute or two.

      Note that just blocking DNS name resolution doesn’t stop an internet appliance from reaching out to the network (e.g., via hard-coded addresses, and let’s not forget IPv6 directly or via tunneling). One has to exercise additional means to block such communications – means not normally available to those who might blithely just plug one of these boxes in and hope for the best.

      Morals of the story:

      It’s not just “Brother” brand printers and network hackers, but Internet enabled appliances in general and TRUST that we’re talking about here – and not some future tech, but the boxes we already have in our networks, interacting in who-knows-what ways today (tonight!) with other systems who-knows-where.

      Try to be aware of what you may be giving up for a bit of convenience in connecting and locating your network-enabled printer!

      -Noel

      6 users thanked author for this post.
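The DNS observation described in the post above can be reproduced from a resolver's query log. The following is an added example, not part of the original thread: it assumes the LAN resolver is dnsmasq with `log-queries` enabled, and the sample log lines, the client address 192.168.1.50 and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in dnsmasq "log-queries" format; the printer address
# 192.168.1.50 and all timestamps are made up for this example.
SAMPLE_LOG = """\
Oct  5 23:00:05 dnsmasq[412]: query[A] xmpp003.hpeprint.com from 192.168.1.50
Oct  5 23:00:40 dnsmasq[412]: query[A] www.askwoody.com from 192.168.1.20
Oct  5 23:01:35 dnsmasq[412]: query[A] xmpp003.hpeprint.com from 192.168.1.50
Oct  5 23:02:10 dnsmasq[412]: query[AAAA] registration.hpeprint.com from 192.168.1.50
Oct  5 23:03:05 dnsmasq[412]: query[A] xmpp003.hpeprint.com from 192.168.1.50
Oct  5 23:04:35 dnsmasq[412]: query[A] xmpp003.hpeprint.com from 192.168.1.50
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def parse_queries(log_text, year=2017):
    """Yield (timestamp, client, name) for each query line; skip other lines."""
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["client"], m["name"].lower().rstrip(".")

def find_repeat_lookups(log_text, min_queries=4, max_gap_s=180):
    """Return {(client, name): (count, median_gap_seconds)} for names a client
    keeps re-querying with a median gap of at most max_gap_s seconds."""
    seen = defaultdict(list)
    for ts, client, name in parse_queries(log_text):
        seen[(client, name)].append(ts)
    flagged = {}
    for key, stamps in seen.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if median(gaps) <= max_gap_s:
            flagged[key] = (len(stamps), median(gaps))
    return flagged

if __name__ == "__main__":
    for (client, name), (count, gap) in find_repeat_lookups(SAMPLE_LOG).items():
        print(f"{client} -> {name}: {count} queries, median gap {gap:.0f}s")
```

As the post notes, a device that uses hard-coded addresses never shows up in a resolver log, so this view complements firewall logs rather than replacing them.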
      • #136685

        Good piece here, Noel.

        I would add that buying a dumb cloud based printer that brags about you being able to print from everywhere on the web and combining that with a UPnP default enabled router to punch a hole in your firewall without you knowing it and making your probably insecure device available from the outside to the whole world, inviting them to hack it and access your internal network as if there was no firewall no more is probably a security mistake that is very hard to understand for most folk and you can’t blame them.

    • #135692

      Can hackers steal my ink?

      • #135698

        Yes, essentially.

        One way would be for them to print things you don’t want printed, using up your resources. Kind of a modern rehash of the fax ads that show up on fax machines at work.

        Also, the tech can disable or potentially even damage a print cartridge, so that’s another possible way.

        Or they can compromise your printer’s system and use it as a launching pad for a cyber attack from right inside your LAN, steal your bank passwords. Your printer ink will be the least of your concerns.

        -Noel

    • #136686

      On a related note, I just saw a survey done in my country that said less than 1% or so of people were interested in buying connected objects. It is one thing to buy a connected tv because you can only buy connected past a certain price point to get the quality you want maybe, it is another to try to sell connected objects for the sake of being cool online and thinking people will want to pay for products they don’t really have a need for.

       
