thewayne: (Default)
[personal profile] thewayne
Well.

What's going on is slightly complicated, and not necessarily a big deal, depending. There are eight flaws found in Brother systems, and they all boil down to one fairly serious vulnerability. A flaw was discovered in how Brother generates the default system administrator password based on the serial number of the printer: if the serial number of the printer is known, you can reverse engineer the password. And here's the problem: if you have not changed that password, THEN you are vulnerable to all sorts of potential mischief! And that's where all the other flaws come into play.

Now, if you changed the default password when you installed your printer, then you're fine. Nothing to worry about. Everything's great. If you didn't, then you need to change it ASAP and patch your printer right now!

This flaw also affects 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta. I'm assuming they use either Brother engines or the same algorithm for generating admin passwords.

The flaw affects 689 printers, the article provides a link with all of the models listed. Since the default password was built into the printer's read-only memory, it can't be patched. Brother is changing the way they generate the password. But again, if you've changed the default password, you're good. The other flaws are patchable, I don't know if patches are out yet but I'm sure they will be available soon if not already.

https://www.theverge.com/news/694877/brother-printers-security-flaw-password-vulnerability

Date: 2025-07-01 05:36 pm (UTC)
warriorsavant: (Computer-steampunk)
From: [personal profile] warriorsavant

The fact that a printer needs a password is a flaw in and of itself. Plug the thing in, let it work. Wireless usually screws up without any flaws. It's an example of a simple technology that's been serious screwed up by making it complex for no reason. Well, I suppose the reason has to do with selling your data, and selling aftermarket items like over-priced ink cartridges.

Date: 2025-07-01 05:58 pm (UTC)
dewline: Text - "On the DEWLine" (Default)
From: [personal profile] dewline
Yeah. I'd agree with all of this.

Date: 2025-07-01 06:01 pm (UTC)
devilc: Go Like Hell (Default)
From: [personal profile] devilc
FFFFFFFFFFF!

Date: 2025-07-01 09:59 pm (UTC)
tfcocs: (Default)
From: [personal profile] tfcocs
Thanks for the link. I am a fan of Brother laser printers, so this will make for some interesting reading.

Date: 2025-07-02 08:30 am (UTC)
disneydream06: (Disney Shocked)
From: [personal profile] disneydream06
Well, HP printers suck and now Brother.
Are there any good/safe ones out there? :o :o :o
Hugs, Jon

Date: 2025-07-03 03:49 am (UTC)
delibby: (Default)
From: [personal profile] delibby
I'm pretty sure I didn't change a password on my printer. But since I can't currently get it connected to the wifi and have to carry a computer to it and plug in a cable, I'm guessing I'm pretty safe.

I keep thinking I should boot into Windows and fight my way through, I just haven't cared enough to do it. the printer is 9 years old, but still prints perfectly.

Date: 2025-07-03 06:17 am (UTC)
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)
From: [personal profile] silveradept
This particular flaw could have quite the issue, if we find out that a lot of us haven't changed passwords from the default. Something I do wonder, though, is why manufacturers of devices with default passwords aren't required to have some routine run upon first boot and login, and after every factory reset, that requires the default password to be changed. If you don't give the user the choice to leave the defaults, then it seems like security on the devices improves greatly.,

Date: 2025-07-03 06:20 pm (UTC)
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)
From: [personal profile] silveradept
I would much rather have that Internet that ran on trust and that routinely found ways of excluding people who break the trust than what we have now, but since we don't have that, it seems important that we manage those things accordingly and make sure that if there's a weak password, it's there because the user chose it instead of because it's the default. (And then keep working diligently to make it possible for even weak passwords to exist safely.)

July 2025

S M T W T F S
   1 2345
6789101112
13141516171819
20212223242526
2728293031  

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 8th, 2025 07:21 am
Powered by Dreamwidth Studios