A security researcher has discovered nearly 700 Brother printers left exposed online exposing corporate and government networks to hack.
The security researcher Ankit Anubhav, principal researcher at NewSky Security, has discovered nearly 700 Brother printers left exposed online. Anyone can access the administration panel of the printers and take control of the devices.
Anubhav disclosed its discovery via Bleeping Computer providing it a list of exposed printers.
“Accessing a few random URLs, Bleeping has discovered a wide range of Brother printer models, such as DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510, just to name a few.” states Bleeping Computer.
Review of this article
Security of the networkPrinters can be tricky to configure. They generally do not have very friendly drivers, even for developers. Their drivers are generally custom-built and without any standard. It can be hard to maintain and update the drivers. That is a problem for security.
To try to manage the security, the first step is to avoid printers to be accessible by the outside world, i.e. to configure a LAN. With a LAN, you can separate the exit of your network to the Internet from each device in the network (including printers).
Possible solutionsTo create a LAN there are 2 solutions. You can create a physical LAN by configuring switches. It can be very tedious, hard to maintain and does not permit remote access from authorized users.
The other solution is to create a virtual network. Our solution, MyCrypNet, provides an easy way to create a network with remote devices. That way, you can access your printer from everywhere in the world. Your printer will be accessible only via that specific network.