Itsallcode Blog

Samsung Printer “Security”

Not much time today, so just a list of “features” I’ve discovered on my shiny new Samsung M2825 printer.

  • HTTP but no HTTPS (admittedly most devices do that since there is the problem of how to start the certificate chain)
  • Default user / password: “admin” / “sec00000”
  • No mention of open HTTP server in installation manual
  • No mention in handbook
  • Shipped with firmware from 2015
  • Firmware update dialog does not indicate that new firmware is available
  • Firmware update via file upload from PC – not convenient
  • Ton of protocols switched on by default
  • HTML Handbook broken (text only) after unpacking
  • Firmware well-hidden on the support page (unfold and scroll down): http://www.samsung.com/de/support/model/SL-M2825ND/SEE (edit 2018-07-01: this link is not available anymore)
  • Password cut after 18 characters (no indication when entering new password)
  • Offers to select source IP for login (probably intended to improve “security”)

tl;dr:

Another example that “S” stands for security in IoT.