Hundreds of Printers Expose Backend Panels and Password Reset Functions Online
Found on Bleeping Computer on Thursday, 05 October 2017
One of the cause of some of these exposures is Brother's choice of shipping the printers with no admin password. Most organizations most likely connected the printers to their networks without realizing the admin panel was present and wide open to connections.
An attacker could include spyware-like behavior in tainted firmware updates and have printers send copies of printed documents to an attacker's server.
In the past, printers were just dumb machines that offered no real value to an attacker. With the idea to add a network port to everything, this changed. Especially since today printers are more powerful than computers back then and thus offer a nice backdoor that many won't think of.