Hard-coded password found in Samsung printers, security fix planned

Filed Under: Data loss, Featured, Vulnerability

Dell printerCompanies using Samsung and Dell-branded printers are being warned that a hard coded administrative account could allow remote attackers to take control of their device, according to an alert from the U.S. Computer Emergency Readiness Team (US CERT).

CERT issued an alert on Monday noting the existence of the account, which is found in printers manufactured by Samsung and sold under both the Dell and Samsung brands up until October 31, 2012.

The hard coded SNMP (Simple Network Management Protocol) password allows full, administrative read-write privileges and remains active even if SNMP is disabled using the printer's management console, CERT warned.

SNMP is a standard protocol that is used for managing internet-enabled devices on a network. According to CERT, a remote attacker could access a Samsung printer without needing to authenticate (sign in) to it.

Using knowledge of the password, a malicious hacker could make changes to the device configuration and access sensitive information on the device, including its network information and credentials.

The printer could also be used as a base to make attacks on other network devices, CERT warned.

Samsung is readying a fix and said it will release a patch tool "later this year" to address vulnerable devices.

Printer. Image from ShutterstockThe vulnerability alert does not list which printers are affected, but notes that printers released after October 31st 2012 are not affected. That means, potentially, that all Samsung model printers released before this month contain the backdoor account and are vulnerable.

As for the Dell model, Samsung builds Dell printers such as the B1160w modeled after Samsung's ML-2165W compact all-in-one printer. It's unclear what other Dell branded printers may be affected.

Printers are a generally overlooked bit of network infrastructure, despite the fact that modern, networked printers have many of the same attributes as regular desktop systems, and might store thousands of pages of confidential document images, to boot.

In recent years, printer vendors like HP have been forced to rush patches to users after critical vulnerabilities were discovered in firmware run by their printers.

The issue of printer security also got attention last year, when researchers at Columbia University claimed they had discovered a security vulnerability that affected "tens of millions" of HP LaserJet printers and that could, potentially, allow a remote attacker to cause physical damage to vulnerable systems - and potentially cause them to burst into flames.

While claims about fiery hacks were widely debunked, the systems remained open to remote compromise.

CERT advises organizations that use Samsung printers to restrict access to them over networks, allowing connections only from trusted hosts and networks to prevent attackers from accessing the SNMP interface needed to enter the hard coded user name and password.

Update: Samsung has been in touch with Naked Security and offered the following statement:

Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.

We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made.

For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.


Computer and printer image from Shutterstock.

, , , , , , , , , ,

You might like

5 Responses to Hard-coded password found in Samsung printers, security fix planned

  1. roy jones jr · 636 days ago

    Yet again another reason to stay up to date on all devices. And if the support stops, plan on getting the new version to keep updated.

  2. Samsung ML 2165 W · 633 days ago

    Except that these "vulnerabilities" are in fact backdoors coded by the manufacturer.
    Keeping up with the newest firmware version does not help you.

    Almost identical case is with the D-Link DSR-250N router. Hard coded backdoor in the firmware. A few years back there was a similar situation with a certain Linksys routers and firmware versions.

    Who needs these backdoors and why? I certainly don't need them. And are the companies so stupid that they include these backdoors to their systems just in case or is someone forcing them to do it. And as a protest companies make these backdoors clumsy and relatively easy to find.

    And it's always funny to note that these backdoors are labeled as "vulnerabilities" even if they are premeditated.

  3. Hello there, knowing about Hard-coded password in Samsung printer I can say this kind of security code has great value for making security as well. Thanks

  4. Padev Malchick · 583 days ago

    As of 2013.01.22, no firmware or driver released after 2012.10.30 for my ML-1865 printer.

    • Denis · 579 days ago

      updates are only for network printers. usb-only printers are not updated (beause there is no backdoor in non0network printers, I guess)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul is a Boston-based reporter and industry analyst with more than a decade of experience covering the IT industry, cyber security and hacking. His work has appeared on threatpost.com, The Boston Globe, salon.com, NPR's Marketplace, Fortune Small Business, as well as industry publications including ZDNet, Computerworld, InfoWorld, eWeek, CIO , CSO and ITWorld.com. Paul got his 15 minutes as an expert guest on The Oprah Show - but that's a long story.