Printer updates require immediate attention

Security experts have found exploitable vulnerabilities in printers manufactured primarily by Brother. Owners of potentially impacted devices are advised to take appropriate action.

A wave of security vulnerabilities has been discovered in nearly 750 printer models across five leading brands, including Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta. The security flaws were identified by researchers at U.S. cybersecurity firm Rapid7.

### Affected Printer Models

The affected models include approximately 689 printer, scanner, and label maker models from Brother, 46 printer models from Fujifilm Business Innovation, 5 printer models from Ricoh, 2 printer models from Toshiba Tec Corporation, and 6 printer models from Konica Minolta, Inc.

### Nature of the Critical Vulnerability

The most serious flaw, tracked as CVE-2024-51978, allows a remote, unauthenticated attacker to bypass authentication by generating the device’s default administrator password if the attacker knows the printer's serial number. The default password is generated via a predictable procedure based on the printer's unique serial number set during manufacturing.

Attackers can first leak the serial number (CVE-2024-51977) and then generate the default password to access the device remotely. This flaw enables further exploits such as retrieving sensitive information, crashing devices, opening network connections, performing HTTP requests, and revealing connected network passwords.

### Firmware Updates and Mitigation Measures

Brother has released firmware updates to fix seven of the eight vulnerabilities, but the critical authentication bypass vulnerability (CVE-2024-51978) cannot be fully patched via firmware. Brother is addressing this flaw only by changing its manufacturing process for future devices, meaning current owners remain vulnerable unless they apply workarounds.

The recommended immediate mitigation is for users to change the default administrator password to a strong, unique password. This prevents attackers from exploiting the default password generation flaw. Users should also apply all available firmware updates to patch the other seven vulnerabilities.

For Brother printers, users can check their model against the official impacted list and follow Brother’s guidance on changing passwords and firmware updates. For Fujifilm, Ricoh, Toshiba, and Konica Minolta affected models, users should similarly check for firmware updates from their respective manufacturers and change default passwords promptly.

### Summary of User Actions

1. Identify if your printer model is affected by consulting the lists published by Brother and Rapid7.
2. Immediately change the default administrator password on your printer to a strong, unique password.
3. Update the printer firmware using the manufacturer's official update tools to patch addressable vulnerabilities.
4. For Brother users, recognize that the critical flaw cannot be fully fixed in existing models, so changing passwords and network-level protections are vital.
5. Stay alert for official patches or guidance from Fujifilm, Ricoh, Toshiba, and Konica Minolta regarding these security issues.

By following these steps, users can significantly reduce the risk of remote hacking via these printer vulnerabilities while awaiting more comprehensive fixes or hardware replacements.

Both mitigations are within users' control: update the printer firmware using the manufacturer's official tools to patch the vulnerabilities that firmware can fix, and change the default administrator password to a strong, unique password to prevent unauthorized access.
