US-CERT: Samsung Printer Vulnerability Opens Backdoor To Admin Rights
7:22 PM EST Wed. Nov. 28, 2012
US-CERT has issued an advisory warning that Samsung printers contain a hard-coded password that could allow a remote attacker to take control of an affected device.
The problem involves "a hard-coded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility," according to the CERT advisory. "A remote, unauthenticated attacker could access an affected device with administrative privileges."
The advisory also states that an attacker could change the device configuration and gain access to network information, user credentials and information passed through the printer, as well as set the stage for further exploits.
The issue also affects printers marketed under the Dell brand but manufactured by Samsung through an OEM agreement. Both companies have issued statements indicating that printers released after Oct. 31 are not affected by this vulnerability, and that a patch will be issued to resolve the problem in printers manufactured prior to that date. In the interim, CERT says that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks. In addition, administrators and channel partners are urged to ensure that the systems are connected only to trusted hosts and networks in order to further reduce the risk of attack.
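One way to verify the interim mitigation from flow records, as an added example that is not from the CERT advisory or either vendor: it flags any allowed traffic to 1118/udp on printers and any SNMP (161/udp, the standard SNMP port) from hosts outside a trusted list. The log format, printer subnet and trusted-host list are constructed assumptions.

```python
import ipaddress

# Assumptions constructed for this example (not from the advisory):
PRINTER_NET = ipaddress.ip_network("10.20.30.0/24")   # printer VLAN
TRUSTED_HOSTS = {ipaddress.ip_address("10.20.1.5")}   # print/management server
ADVISORY_PORT = 1118   # 1118/udp, the port CERT says to block
SNMP_PORT = 161        # standard SNMP agent port

# Constructed flow records: "time proto src sport dst dport action"
SAMPLE_FLOWS = """\
2012-11-28T10:00:01 udp 10.20.1.5 40112 10.20.30.17 161 ALLOW
2012-11-28T10:00:09 udp 192.0.2.44 53211 10.20.30.17 1118 ALLOW
2012-11-28T10:00:12 udp 192.0.2.44 53212 10.20.30.18 1118 DENY
2012-11-28T10:01:30 tcp 10.20.7.9 51000 10.20.30.17 9100 ALLOW
2012-11-28T10:02:02 udp 10.20.7.9 40999 10.20.30.21 161 ALLOW
malformed line
"""

def audit_flows(text):
    """Return findings for UDP flows to printers that the mitigation should stop."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed records
        ts, proto, src, _sport, dst, dport, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if proto.lower() != "udp" or port not in (ADVISORY_PORT, SNMP_PORT):
            continue
        if dst_ip not in PRINTER_NET:
            continue
        # 1118/udp should be blocked for every source; 161/udp only from trusted hosts.
        if port == SNMP_PORT and src_ip in TRUSTED_HOSTS:
            continue
        severity = "blocked-attempt" if action.upper() == "DENY" else "mitigation-gap"
        findings.append({"line": lineno, "time": ts, "src": src,
                         "dst": dst, "port": port, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

A "mitigation-gap" finding means the firewall passed traffic the advisory's guidance would have stopped; "blocked-attempt" entries show the rule working and identify sources worth reviewing.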
Network-enabled printers have emerged as a new attack surface in recent years, and manufacturers have only recently begun to consider security measures in the design of these systems. These measures include user authentication, print job tracking information and policies to combat social engineering, such as timely collection of printed documents and the wiping of the printer's memory when the device is taken out of service.
Most recently, HP included server authentication features and other security enhancements for its printers during an extensive rollout of security capabilities in September. Last year, HP was criticized in a Columbia University research study for firmware vulnerabilities in its printers that made the devices susceptible to remote code execution, including the forwarding of printed documents to a remote computer.
In some cases, printers may be subject to HIPAA requirements and other regulatory restrictions.
PUBLISHED NOV. 28, 2012