Samsung Printers Have Hidden Security Risk

  /     /     /  
Publicated : 22/11/2024   Category : security


Samsung Printers Have Hidden Security Risk


Some Samsung printers, and Dell-branded printers manufactured by Samsung, can be remotely accessed by attackers. Heres how.



Some Samsung printers and Dell-branded printers manufactured by Samsung are vulnerable to being taken over remotely by an attacker.
That warning was made Monday by the U.S. Computer Emergency Readiness Team (CERT), which said that the affected printers contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility. In other words, the printers have a hardcoded account in their firmware that cant be disabled by users. SNMP, or
simple network management protocol
, is a TCP/IP-based network protocol used to manage and monitor network device configuration.
[ Hackers stole financial and other sensitive information from compromised state system. Read about it at
How South Carolina Failed To Spot Hack Attack
. ]
As a result of the vulnerability, a remote, unauthenticated attacker could access an affected device with administrative privileges, according to the CERT information security advisory. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information -- e.g. device and network information, credentials, and information passed to the printer -- and the ability to leverage further attacks through arbitrary code execution. That means that after accessing the administrator account, attackers could theoretically transform the printer into a malware-spewing attack platform thats able to target any other network-connected device located inside the same network segment or firewall.
Samsung has acknowledged the vulnerability and promised to release a patch within days. Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP, said Samsung spokesman Reuben Staines via email. We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1.2 or use the secure SNMPv3 mode until the firmware updates are made.
Samsung has yet to release full details about exactly which printer models and firmware versions are affected. But it did say that no Samsung and Dell printers released from November 1, 2012 and later contain the vulnerability.
Both Samsung and Dell were advised of the firmware vulnerability on August 23, 2012, by security researcher Neil Smith, who Tuesday
published further details of the vulnerability
. According to Smith, Samsung has now removed all downloadable versions of its printer firmware from its support pages, but he noted that
samples of the affected firmware
are still available from the Dell support site. That particular printer firmware installer is named Dell2335dn_A11_v2.70.06.21.exe. In a Twitter post, Smith suggested that Korea-based Samsung
moved less than quickly
to address the flaw. Its been frustrating working with samsung. Internal ITsec at S confirmed it. Kr:HQ pulled them off. CERT pubd and so did I, he said.
The Samsung vulnerability warning is a reminder that printers -- among other network-connected devices, such as
home security webcams
-- may contain embedded Web servers that may be permanently enabled. One security best practice, according to the CERT advisory, is to allow connections only from trusted hosts and networks to any network-connected peripheral, and thats one temporary workaround for any organization that currently uses a Samsung or Dell network-connected printer. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location, noted CERT.
Another risk from attackers being able to remotely access a Web-connected printer is corporate espionage. According to research released last year by Michael Sutton, VP of security research for Web security firm Zscaler Labs, he was able to fingerprint, or identify, one million Internet-connected systems. Many of those systems were embedded Web servers inside Web-connected photocopiers, scanners, and VoIP systems and werent secured in any manner, such as requiring a username or password. As a result, Sutton was able to freely download numerous types of documents stored on the Internet-connected devices.
Building a more robust network vulnerability management program can help you identify security holes before an attacker does, as well as develop more secure systems and applications in the future. In the
A Guide To Network Vulnerability Management
report, we examine the products and practices that will get you there. (Free registration required.)

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Samsung Printers Have Hidden Security Risk