For unsuspecting users, it may be hard to believe that printers can be used to conduct cyber attacks, but if a coffee maker can infect devices with ransomware, why not printers? Recently, IT security researchers at Trustwave discovered a critical vulnerability in printers manufactured by Brother Industries, Ltd., a Japanese multinational
The vulnerability (CVE-2017-16249) exists in Debut, the web front-end of Brother printers (Remote un-authenticated DoS in Debut embedded httpd server in Brother printers). If exploited, it can allow attackers to carry out a Denial of Service (DoS) attack on the victim's printer without their knowledge.
“Some people dismiss Denial of Service attacks as a mere nuisance, but they can tie up resources and reduce productivity at any organization,” a Trustwave researcher explained in a blog post. “They can also be used as a part of an in-person attack on an organization. For instance, an attacker can launch a Denial of Service like this one and then show up at the organization as the ‘technician’ called to fix the problem. Impersonating a technician would allow the attacker direct physical access to IT resources that they might never have been able to access remotely.”
The attack is executed by sending a single malformed HTTP POST request. The attacker receives a 500 error code in response, the web server is rendered inaccessible, and all printing ceases to function. The researchers noted that this vulnerability appears to affect all Brother printers with the Debut web front-end.
Currently, more than 16,000 vulnerable devices are publicly visible on Shodan for attackers to exploit. Brother has not responded, even after multiple attempts by Trustwave to alert the company to the critical vulnerability. Trustwave therefore decided to publish its findings even though the vulnerability still exists.
The proof-of-concept (PoC) is available here. Users are therefore on their own and are advised to use a firewall and restrict access to the device. Remember, in a denial-of-service (DoS) attack, an attacker can make a targeted device unavailable to its users by temporarily or indefinitely disrupting the services of a host connected to the Internet.
Previously, HP printers were found vulnerable to an attack in which hackers could use the printer's hard drive to host malicious files. In February this year, a hacker took over 150,000 printers worldwide and sent alerts to the targeted users about the vulnerability.
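The symptom described above (a POST answered with a 500, after which the printer's web server stops responding) can be watched for in network HTTP logs, along with whether the request came from outside the hosts allowed to reach the device. This is an added example, not Trustwave's PoC or Brother's code; the log format, addresses, paths, printer inventory and management subnet are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of sensor records: "epoch src dst method path status".
# A status of "-" means the request got no response. Paths are placeholders.
SAMPLE_LOG = """\
1510000000 10.0.5.20 10.0.9.11 GET /status 200
1510000050 203.0.113.7 10.0.9.11 POST /form 500
1510000060 10.0.5.20 10.0.9.11 GET /status -
1510000090 10.0.5.21 10.0.9.11 GET /status -
1510000100 10.0.5.20 10.0.9.12 POST /form 500
1510000110 10.0.5.20 10.0.9.12 GET /status 200
"""
PRINTERS = {"10.0.9.11", "10.0.9.12"}            # assumed printer inventory
MGMT_NET = ipaddress.ip_network("10.0.5.0/24")   # assumed allowed subnet


def parse(log_text):
    """Yield (ts, src, dst, method, path, status), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[0].isdigit():
            continue
        ts, src, dst, method, path, status = parts
        yield int(ts), src, dst, method, path, status


def detect(log_text, printers, mgmt_net, window=300):
    """Flag a POST answered with 500 after which the printer goes silent."""
    by_dst = defaultdict(list)
    for rec in parse(log_text):
        if rec[2] in printers:
            by_dst[rec[2]].append(rec)
    alerts = []
    for dst, recs in by_dst.items():
        recs.sort()  # chronological order per printer
        for i, (ts, src, _, method, _, status) in enumerate(recs):
            if method != "POST" or status != "500":
                continue
            # Requests to the same printer within the window after the 500.
            later = [r for r in recs[i + 1:] if r[0] - ts <= window]
            # Alert only if there was follow-up traffic and none was answered.
            if later and all(r[5] == "-" for r in later):
                outside = ipaddress.ip_address(src) not in mgmt_net
                alerts.append({"printer": dst, "source": src,
                               "time": ts, "outside_mgmt": outside})
    return alerts
```

A 500 followed by normal responses (the second printer in the sample) is not flagged; only the combination of the error and subsequent silence is.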