Announcement

Collapse
No announcement yet.

Many printers are exposing their unsecure control panels to the Internet

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Many printers are exposing their unsecure control panels to the Internet

    https://www.bleepingcomputer.com/new...ctions-online/
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Check you printer on Shodan.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    Comment


      #3
      No mention anywhere about consumer printers behind routers using NAT.

      Am I correct to assume that such a printer, like mine, is not Internet facing, so not vulnerable? It did connect and download an update as soon as I plugged it in.

      Setting this printer up was a mission; the instructions that came with it assumed the user has a CD-ROM. in 2017? (Finding the ethernet jack took persistence, it's in the bowels of the printer, However, if I'd noticed the bright orange sticker on the side, which I just did, I might have found it more quickly.) Also, going to Brother.com and following links, and searching, did not find the straightforward instructions to set it up on a debian-derived distro. Eventually I found an AskUbuntu post that linked into that same Brother site. Works well.

      Anyway, nothing suggested that I point my browser at it. Again, a "duh" moment for me. Doing so, the need to set up an administrator password is obvious.
      Regards, John Little

      Comment


        #4
        Originally posted by jlittle View Post
        No mention anywhere about consumer printers behind routers using NAT.

        Am I correct to assume that such a printer, like mine, is not Internet facing, so not vulnerable? It did connect and download an update as soon as I plugged it in.

        Setting this printer up was a mission; the instructions that came with it assumed the user has a CD-ROM. in 2017? (Finding the ethernet jack took persistence, it's in the bowels of the printer, However, if I'd noticed the bright orange sticker on the side, which I just did, I might have found it more quickly.) Also, going to Brother.com and following links, and searching, did not find the straightforward instructions to set it up on a debian-derived distro. Eventually I found an AskUbuntu post that linked into that same Brother site. Works well.

        Anyway, nothing suggested that I point my browser at it. Again, a "duh" moment for me. Doing so, the need to set up an administrator password is obvious.
        If your printer made an internet connection automatically, and automatically DL's an update, then your printer is Internet facing.

        Shodan showed that my printer, an HP P1606dn, can be exposed as well. But, I removed it from my WIFI router and plugged it into my local USB port two years ago because of this exposure problem. Netstat -anlp will show a problem if cupsd is pointing to anything else other than 0.0.0.0:631 or your printer has an external address LISTENING line.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.

        Comment


          #5
          Again, it's not magic. Don't ever be surprised by what you see, or who sees you ...
          The next brick house on the left
          Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



          Comment


            #6
            Originally posted by GreyGeek View Post
            If your printer made an internet connection automatically, and automatically DL's an update, then your printer is internet facing.
            I didn't get that. Unless you set it up, a device behind a router using NAT cannot be reached by an inbound connection. Something on the internet would have to break into an outbound connection, say by hacking some site, and then only while the printer had opened such a connection.

            Alas, that's IPv4 thinking. IPv6 doesn't need or use NAT. I need to check out the story with my router; it's an ISP supplied, designed by them, made by Technicolor, and has a "Firewall" turned on. The lack of any details about what that means or does is a worry.

            Shodan showed that my printer, an HP P1606dn, can be exposed as well.
            "can be exposed", but also Shodan can show if it is exposed. They have a database of devices that are really exposed, which they aggregate from sites that scan the internet. Mine isn't there.

            But, I removed it from my WIFI router and plugged it into my local USB port two years ago because of this exposure problem.
            It's more flexible to have the printer on the LAN. That way a PC doesn't have to be turned on to print; there's not just me using it.

            Netstat -anlp will show a problem if cupsd is pointing to anything else other than 0.0.0.0:631 or your printer has an external address LISTENING line.
            I thought netstat is to be run on the host with the ports, that it won't show ports open on another device on the LAN. nmap shows the printer listening on ports 80, 443, 515, 631 and 9100, but on-line port scanners show nothing open, on IPv4 or IPv6.
            Regards, John Little

            Comment


              #7
              It is "IPv4 thinking" because 70% of the Internet (at least in the USA) is still IPv4. My last ISP, Spectrum, didn't support IPv6 in my area, and neither does my new ISP, Allo Communications. That's why I run Hurricane Electric's IPv6 tunnel, which makes IPv6 my default, with a fallback to IPv4 in under a second.
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
              – John F. Kennedy, February 26, 1962.

              Comment

              Working...
              X