[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Samsung Printers Have Hidden Security Risk
By Mathew J. Schwartz
November 28, 2012
Some Samsung printers and Dell-branded printers manufactured by Samsung
are vulnerable to being taken over remotely by an attacker.
That warning was made Monday by the U.S. Computer Emergency Readiness
Team (CERT), which said that the affected printers "contain a hardcoded
SNMP full read-write community string that remains active even when SNMP
is disabled in the printer management utility." In other words, the
printers have a hardcoded account in their firmware that can't be
disabled by users. SNMP, or simple network management protocol, is a
TCP/IP-based network protocol used to manage and monitor network device
As a result of the vulnerability, "a remote, unauthenticated attacker
could access an affected device with administrative privileges,"
according to the CERT information security advisory. "Secondary impacts
include: the ability to make changes to the device configuration, access
to sensitive information -- e.g. device and network information,
credentials, and information passed to the printer -- and the ability to
leverage further attacks through arbitrary code execution." That means
that after accessing the administrator account, attackers could
theoretically transform the printer into a malware-spewing attack
platform that's able to target any other network-connected device
located inside the same network segment or firewall.
Samsung has acknowledged the vulnerability and promised to release a
patch within days. "Samsung is aware of and has resolved the security
issue affecting Samsung network printers and multifunction devices. The
issue affects devices only when SNMP is enabled, and is resolved by
disabling SNMP," said Samsung spokesman Reuben Staines via email. "We
take all matters of security very seriously and we are not aware of any
customers who have been affected by this vulnerability. Samsung is
committed to releasing updated firmware for all current models by
November 30, with all other models receiving an update by the end of the
year. However, for customers that are concerned, we encourage them to
disable SNMPv1.2 or use the secure SNMPv3 mode until the firmware
updates are made."
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!