Samsung Printers Contain Hardcoded Backdoor Account, US-CERT Warns

Hardcoded administrative account in Samsung printers poses security risks

By Lucian Constantin
Tue, November 27, 2012

IDG News Service — Printers manufactured by Samsung have a backdoor administrator account hard coded in their firmware that could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users.

The hardcoded account does not require authentication and can be accessed over the Simple Network Management Protocol (SNMP) interface of the affected printers, the United States Computer Emergency Readiness Team (US-CERT) said Monday in a security advisory.

SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.

The SNMP account found in Samsung printers has full read and write permissions and remains accessible even if SNMP is disabled using the printer's management utility, US-CERT said.

"Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution," the organization said.

It's not just Samsung-branded printers that contain the administrative account, but also some Dell-branded printers manufactured by Samsung.

US-CERT did not provide a list with the exact printer models affected by the issue, but said that, according to Samsung, models released after Oct. 31, 2012, are not vulnerable.

"Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices," US-CERT said.

Samsung did not immediately respond to a request for comment.

US-CERT recommended that users follow security best practices and restrict access to the printers. Allowing access to their SNMP interfaces only from trusted hosts or network segments will limit the ability of attackers to use the hardcoded credentials, the organization said.

This is not the first time when serious vulnerabilities are found in printers. Last year, two Columbia University researchers discovered a weakness in the remote firmware update feature of HP LaserJet printers that could have allowed attackers to take complete control of the devices.

More from CIO

You are here: Technology Topics » Security » News

Most Recent Security Stories

White Papers »

Top 8 Identity & Access Management Challenges with Your Saas Applications

This whitepaper presents the eight biggest identity and access management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them.

Everything You Need To Know About A DDoS Attack

DDoS attacks can bring large online businesses to a complete halt. Banks and eCommerce sites are two high profile sectors that have experienced large attacks recently.

Cloud Impacts and Outcomes for Business Leaders

Learn More

Wanted: A Trusted Provider for Public Cloud Services

Learn how Dell's cloud strategy, built on the highest level of VMware integration and security, is enabling enterprises to get out of the data center business by leveraging Dell as a trusted cloud service provider.

A Universal Log Management Solution

Digital fingerprints are generated by individuals as they use enterprise systems. Do you know where your vulnerabilities are? This white paper discusses the log management landscape and the solution that protects modern networks.

Big Security for Big Data

To meet security problems faced by organizations, a paradigm shift needs to occur. Businesses need the ability to secure, collect, and aggregate data into an intelligent format for real-time alerting and reporting. How do you get started?

Webcasts »

HIPAA Hiccup Solved

Data protection priorities rapidly changed after a patient data leak that caused one healthcare provider unexpected expenses, potential reputational risk and possible HIPAA non-compliance.

Dell Software

This overview of Dell SonicWALL next-generation firewalls showcases how you can increase network security by scanning every packet without any compromises in network performance.

Enhance Network Security with Dell SonicWALL Next-Generation Firewall

This 5-minute video demonstrates some of the key features of Dell SonicWALL. See how intuitive, real-time dashboards enable IT to enhance network security, manage network bandwidth and regain control into the visibility of applications.

The New Mobile Management: Getting A Grip on Complexity

As mobile devices of every description proliferate across the enterprise, the IT pro must ensure that mobile applications have the bandwidth and security they need to run effectively.

Customer Success Video (State of Michigan)

Learn how the State of Michigan is utilizing DeepSight security intelligence to protect critical infrastructure.

PGI Customer Success Video

Learn how PGI is using Symantec Managed Security Services to protect their systems, while allowing them to focus on running, and building, their business.