Not much time today, so just a list of “features” I’ve discovered on my shiny new Samsung M2825 printer:
- HTTP but no HTTPS (admittedly most devices do that since there is the problem of how to start the certificate chain)
- Default user / password: “admin” / “sec00000”
- No mention of open HTTP server in installation manual
- No mention in handbook
- Shipped with firmware from 2015
- Firmware update dialog does not indicate that new firmware is available
- Firmware update via file upload from PC – not convenient
- Ton of protocols switched on by default
- HTML Handbook broken (text only) after unpacking
- Firmware well-hidden on the support page (unfold and scroll down): http://www.samsung.com/de/support/model/SL-M2825ND/SEE (edit 2018-07-01: this link not available anymore)
- Password cut after 18 characters (no indication when entering new password)
- Offers to select source IP for login (probably intended to improve “security”)
tl;dr:
Another example that “S” stands for security in IOT.