PCWorld, The Verge, and other tech and mainstream media outlets are reporting critical vulnerabilities discovered in various home and business printers, scanners, and label printers manufactured by Brother, including its popular 689 model. Output devices that use Brother components but are made by the OEMs Fujifilm, Konica Minolta, Ricoh, and Toshiba are also affected.
Passwords Fail Printer Security Test
Passwords seem to be a major part of the problem for Brother, which Rapid7 Labs says uses a weak algorithm to generate the default password from the device’s serial number and a static table. The most dangerous vulnerability, known as CVE-2024-51978, allows attackers to determine a printer’s default admin password. Other vulnerabilities allow attackers to access sensitive data from the printer, cause the printer to crash, establish unauthorized network connections, or disclose passwords of connected devices. Further details can be found in the Rapid7 report.
Brother has provided firmware updates for seven of the eight vulnerabilities. However, the critical password vulnerability cannot be fixed by a firmware update, according to PCWorld, because it originates in the manufacturing process, where default passwords are set. Brother plans to solve the problem in future models with a change in the manufacturing process. For existing devices, users must manually change the admin password from the default.