Well.
What's going on is slightly complicated, and not necessarily a big deal, depending. There are eight flaws found in Brother systems, and they all boil down to one fairly serious vulnerability. A flaw was discovered in how Brother generates the default system administrator password based on the serial number of the printer: if the serial number of the printer is known, you can reverse engineer the password. And here's the problem: if you have not changed that password, THEN you are vulnerable to all sorts of potential mischief! And that's where all the other flaws come into play.
Now, if you changed the default password when you installed your printer, then you're fine. Nothing to worry about. Everything's great. If you didn't, then you need to change it ASAP and patch your printer right now!
This flaw also affects 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta. I'm assuming they use either Brother engines or the same algorithm for generating admin passwords.
The flaw affects 689 printers; the article provides a link with all of the models listed. Since the default password was built into the printer's read-only memory, it can't be patched. Brother is changing the way they generate the password. But again, if you've changed the default password, you're good. The other flaws are patchable; I don't know if patches are out yet, but I'm sure they will be available soon if not already.
https://www.theverge.com/news/694877/brother-printers-security-flaw-password-vulnerability
no subject
Date: 2025-07-01 05:36 pm (UTC)
The fact that a printer needs a password is a flaw in and of itself. Plug the thing in, let it work. Wireless usually screws up without any flaws. It's an example of a simple technology that's been seriously screwed up by making it complex for no reason. Well, I suppose the reason has to do with selling your data, and selling aftermarket items like over-priced ink cartridges.
no subject
Date: 2025-07-01 05:58 pm (UTC)
no subject
Date: 2025-07-02 03:02 am (UTC)
I can't disagree with you on one hand, it would be nice if printers didn't need lots of configuration options and could just be 'plug in and forget about it'. The problem is that if they're connected to a business network, they can be used as a launch point to infiltrate the network for nefarious purposes - and have been used as such. So the administrative interface needs a password, just like your router does, because so many printers these days support wireless printing.
no subject
Date: 2025-07-01 06:01 pm (UTC)
no subject
Date: 2025-07-01 09:59 pm (UTC)
no subject
Date: 2025-07-02 03:03 am (UTC)
I'm quite a fan of them, too, and this will not dissuade me from using them or recommending them. They're still leagues above HP for being customer friendly.
no subject
Date: 2025-07-02 08:30 am (UTC)
Are there any good/safe ones out there? :o :o :o
Hugs, Jon
no subject
Date: 2025-07-02 06:02 pm (UTC)
It's not a problem if you changed the password, and just like a wireless router, you should have changed it on setup. I'm still a supporter of Brother and wouldn't hesitate to buy one.
no subject
Date: 2025-07-03 03:49 am (UTC)
I keep thinking I should boot into Windows and fight my way through, I just haven't cared enough to do it. The printer is 9 years old, but still prints perfectly.
no subject
Date: 2025-07-03 05:25 am (UTC)
If it's not networked via WiFi or Ethernet, it's safe. My Samsung laser is supposed to support WiFi, but I lost the CD, and HP gobbled up Samsung's printer division so support for it does not exist. So I'm doing like you: most of the time it was plugged into my iMac, currently the cable is just loose to be plugged into our laptops (with an adapter as our laptops are now USB-C rather than USB-A). My next printer will be WiFi, definitely. Probably a Brother multifunction color laser. About $400 at Best Buy. My Samsung is close to your age, it's on its second toner cartridge.
no subject
Date: 2025-07-03 06:17 am (UTC)
no subject
Date: 2025-07-03 02:10 pm (UTC)
The same problem exists for WiFi routers: many don't force changing the admin password on initial startup, someone figures out the generation algo, and instant bot army. Part of the problem goes back to the '70s and the premise that the DARPAnet was built upon: trust. They never saw that bad guys would abuse the system the way it has been. And part of it is sheer laziness or lack of skill or management backing ("Must ship NOW!").
no subject
Date: 2025-07-03 06:20 pm (UTC)
no subject
Date: 2025-07-03 06:25 pm (UTC)
I have weak passwords, but I use them on web sites of trivial value. For sites that need strong passwords, they get them, and those passwords never get used on multiple sites. I really hate these emails that I get from "monitoring services" telling me that the password for my main email account has been compromised because they never tell you what site it was for. I'm not going to go around changing all of my passwords because it was invariably the weak one that was found.