US-CERT: Samsung Printer Vulnerability Opens Backdoor To Admin Rights

By Ken Presti
November 28, 2012 7:22 PM ET

US-CERT has issued an advisory warning that Samsung printers contain a hard-coded password that could allow a remote attacker to take control of an affected device.

The problem involves "a hard-coded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility," according to the CERT advisory. "A remote, unauthenticated attacker could access an affected device with administrative privileges."

The advisory also states that an attacker could change the device configuration and gain access to network information, user credentials and information passed through the printer, as well as set the stage for further exploits.

The issue also impacts printers marketed under the Dell brand but manufactured by Samsung through an OEM agreement. Both companies have issued statements indicating that printers released after Oct. 31 are not impacted by this vulnerability, and that a patch will be issued to resolve the glitch with printers manufactured prior to that date. During the interim, CERT says that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks. In addition, administrators and channel partners are urged to ensure that the systems are connected to trusted hosts and networks in order to further reduce the risk of attack.

Network enabled printers have emerged as a new attack surface in recent years, and manufacturers have only recently begun to consider security measures in the design of these systems. Elements include user authentication, print job tracking information and policies to combat social engineering, such as timely collection of printed documents and the wiping of the printer's memory when the device is taken out of service.

Most recently, HP included server authentication features and other security enhancements for its printers during an extensive rollout of security capabilities in September. HP last year had been criticized in a Columbia University research study for firmware vulnerabilities in its printers that made the devices susceptible to remote code execution, including the forwarding of printed documents to a remote computer.

In some cases, printers may be subject to HIPAA requirements and other regulatory restrictions.

PUBLISHED NOV. 28, 2012

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows