Oh Brother: Hackers can crash your unpatched printers – researchers

DoSsing for fun and profit not just a 'nuisance', they warn

Updated: Security researchers have said they've uncovered a new way for hackers to crash Brother printers.

More specifically, they've put out an advisory saying a vulnerability in the web front-end of Brother printers (the Debut embedded HTTP server) allows an attacker to launch a denial of service attack. The attack might be carried out simply by sending a single malformed HTTP POST request, they claim.

“The attacker will receive a 500 error code in response, the web server is rendered inaccessible and all printing will cease to function,” Trustwave explains. “This vulnerability appears to affect all Brother printers with the Debut web front-end.”

More than 16,000 vulnerable devices are accessible from the internet, according to figures from a search using the Internet of Things search engine Shodan.

Trustwave went public with the flaw - and suggestions for mitigation - after failing to get a response from Brother. El Reg asked Brother for a response via its web form and customer support Twitter feed early on Tuesday but we’ve yet to get a reply either. We’ll update this article as and when more information comes to hand.

Enterprise sysadmins were advised by the researchers to restrict web access to Brother printers using a firewall or similar device.
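Where printer web interfaces already sit behind a logging proxy or firewall, the behaviour Trustwave describes (a POST answered with a 500, after which the web server stops responding) can also be watched for. The following is an added example, not code from this article or from Trustwave's advisory; the log format, addresses, paths and the use of 502/504 to mean "printer unreachable" are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: "<UTC time> <client> <method> <printer> <path> <status>".
# Assumption: 502/504 mean the proxy could not reach the printer's web server.
SAMPLE_LOG = """\
2017-11-07T09:00:01Z 10.0.5.23 GET 192.0.2.10 /status 200
2017-11-07T09:14:02Z 10.0.9.77 POST 192.0.2.10 /example 500
2017-11-07T09:14:30Z 10.0.5.23 GET 192.0.2.10 /status 504
2017-11-07T09:15:30Z 10.0.5.23 GET 192.0.2.10 /status 504
2017-11-07T09:16:30Z 10.0.5.23 GET 192.0.2.10 /status 504
2017-11-07T09:20:00Z 10.0.5.40 POST 192.0.2.11 /example 500
2017-11-07T09:20:20Z 10.0.5.23 GET 192.0.2.11 /status 200
"""
UNREACHABLE = {502, 504}

def parse(log_text):
    """Yield (time, client, method, printer, status); skip malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue
        try:
            when = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield when, fields[1], fields[2], fields[3], int(fields[5])

def find_crash_candidates(log_text, window=timedelta(minutes=5), min_failures=3):
    """Flag a POST answered with 500 that is followed only by unreachable
    responses from the same printer inside the window."""
    events = sorted(parse(log_text))
    alerts = []
    for i, (when, client, method, printer, status) in enumerate(events):
        if method != "POST" or status != 500:
            continue
        failures = 0
        for later, _, _, later_printer, later_status in events[i + 1:]:
            if later_printer != printer:
                continue
            if later - when > window:
                break
            if later_status not in UNREACHABLE:
                failures = 0  # the printer answered, so it survived the request
                break
            failures += 1
        if failures >= min_failures:
            alerts.append({"printer": printer, "client": client,
                           "time": when.isoformat()})
    return alerts
```

An alert names the client that sent the POST, which gives responders a starting point for the investigation and a source address to check against the firewall rules restricting printer access.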

Hacktivists and other types are known to target printers as a means to attack corporate networks or simply out of pure devilment. Trustwave warned it would be a mistake to dismiss such denial of service attacks as a mere nuisance since they tie up resources and reduce productivity at any organisation.

There’s also the possibility, as Trustwave points out, that hackers might crash the printers of a targeted organisation before showing up at its office while posing as a technician who has come to resolve the problem. Impersonating a technician would allow the attacker direct physical access to IT resources that they might never have been able to access remotely, the security vendor warns.

Trustwave SpiderLabs' full advisory on the Brother printer DoS risk, featuring a proof-of-concept attack, can be found here. ®

Updated on Monday 13 November to add: A spokesperson for Brother UK got in touch to say: "We acknowledge the issue raised by Trustwave SpiderLabs and we are currently investigating. We are committed to providing a solution and update in due course.

"We take the security of our devices extremely seriously. If a printer is connected to a private, secured network, as in most home or office environments, rather than one that is publicly accessible on the internet (open network), it is protected by a firewall, as any other device would be.

"We recommend that the printer password feature is always activated. For those with advanced requirements, Brother offers industry standard protocols such as IPsec, SSL, TLS, SNMPv3 and more, which can be enabled to further secure the printing environment.

"We encourage any customers with questions about their Brother printer security and set up to contact our customer services team for assistance and guidance. They can be reached on 0333 777 4444."

