Well.
What's going on is slightly complicated, and not necessarily a big deal, depending. There are eight flaws found in Brother systems, and they all boil down to one fairly serious vulnerability. A flaw was discovered in how Brother generates the default system administrator password based on the serial number of the printer: if the serial number of the printer is known, you can reverse engineer the password. And here's the problem: if you have not changed that password, THEN you are vulnerable to all sorts of potential mischief! And that's where all the other flaws come into play.
Now, if you changed the default password when you installed your printer, then you're fine. Nothing to worry about. Everything's great. If you didn't, then you need to change it ASAP and patch your printer right now!
This flaw also affects 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta. I'm assuming they use either Brother engines or the same algorithm for generating admin passwords.
The flaw affects 689 printers; the article provides a link with all of the models listed. Since the default password was built into the printer's read-only memory, it can't be patched. Brother is changing the way they generate the password. But again, if you've changed the default password, you're good. The other flaws are patchable; I don't know if patches are out yet, but I'm sure they will be available soon if not already.
https://www.theverge.com/news/694877/brother-printers-security-flaw-password-vulnerability
no subject
Date: 2025-07-03 02:10 pm (UTC)
The same problem exists for WiFi routers: many don't force changing the admin password on initial startup, someone figures out the generation algo, and instant bot army. Part of the problem goes back to the '70s and the premise that the DARPAnet was built upon: trust. They never saw that bad guys would abuse the system the way it has been. And part of it is sheer laziness or lack of skill or management backing ("Must ship NOW!").
no subject
Date: 2025-07-03 06:20 pm (UTC)
no subject
Date: 2025-07-03 06:25 pm (UTC)
I have weak passwords, but I use them on web sites of trivial value. For sites that need strong passwords, they get them, and those passwords never get used on multiple sites. I really hate these emails that I get from "monitoring services" telling me that the password for my main email account has been compromised because they never tell you what site it was for. I'm not going to go around changing all of my passwords because it was invariably the weak one that was found.