Hackers can #crash your #unpatched #printers

Security researchers have said they’ve uncovered a new way for hackers to crash Brother printers.

More specifically, they’ve put out an advisory saying a vulnerability in the web front-end of Brother printers (the Debut embedded http server) allows an attacker to launch a Denial of Service attack. The attack might be carried out simply by sending a single malformed HTTP POST request, they claim.

“The attacker will receive a 500 error code in response, the web server is rendered inaccessible and all printing will cease to function,” Trustwave explains. “This vulnerability appears to affect all Brother printers with the Debut web front-end.”

More than 16,000 vulnerable devices are accessible from the internet, according to figures from a search using the Internet of Things search engine Shodan.

Trustwave went public with the flaw – and suggestions for mitigation – after failing to get a response from Brother. El Reg asked Brother for response via its web form and customer support Twitter feed early on Tuesday but we’ve yet to get a reply either. We’ll update this article as and when more information comes to hand.

Enterprise sysadmins were advised by the researchers to restrict web access to Brother printers using a firewall or similar device.

Hacktivists and other types are known to target printers as a means to attack corporate networks or simply out of pure devilment. Trustwave warned it would be mistake to dismiss such denial of service attacks as a mere nuisance since they tie up resources and reduce productivity at any organisation.

There’s also the possibility, as Trustwave points out, that hackers might crash the printers of a targeted organisation before showing up as its office while posing as a technician who has come to resolve the problem. Impersonating a technician would allow the attacker direct physical access to IT resources that they might never have been able to access remotely, the security vendor warns.

Leave a Reply