
justaprogressive

(7,170 posts)
Mon Jun 30, 2025, 10:31 AM

Millions of Brother Printers Are Full of Hackable Bugs

Brother makes some solid, reliable printers. Indeed, for several years running, The Verge named it the best printer you should buy. Unfortunately, the company’s devices appear to be riddled with new zero-day bugs that could allow a savvy cybercriminal to hijack them.

The vulnerabilities were discovered by cybersecurity firm Rapid7, which published a blog about the bugs last week. The blog explains that, after some research, Rapid7’s cyber pros came across a total of eight new zero-day vulnerabilities in the machines. The vulnerabilities are all different, though there is one that is pretty bad. CVE-2024-51978 is an authentication bypass vulnerability that could allow a hacker to nab the printer’s password. Researchers break it down like so:

A remote unauthenticated attacker can leak the target device’s serial number through one of several means, and in turn generate the target device’s default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device’s unique serial number, during the manufacturing process. Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

Researchers originally contacted Brother Industries last year, and the printing company and security researchers have been in touch since then, working to mitigate the issues. The bugs are also impacting several other printer brands, including Fujifilm, Ricoh, Toshiba, and Konica Minolta, according to researchers.

Dark Reading notes that millions of devices appear to be impacted. Luckily, researchers note that there is no evidence that the bugs are being exploited in the wild. Brother has also issued patches for the vulnerabilities.


https://gizmodo.com/millions-of-brother-printers-are-full-of-hackable-bugs-2000621683

dwayneb

(1,107 posts)
1. Looks like gizmodo announced this to hackers everywhere
Mon Jun 30, 2025, 10:36 AM

Just to get some clicks and eyes on the screen they published this. Now there are 100X as many hackers aware and trying to exploit those vulnerabilities. This should stay low key in the cybersecurity community.
