Companies using Samsung and Dell-branded printers are being warned that a hard-coded administrative account could allow remote attackers to take control of their devices, according to an alert from the U.S. Computer Emergency Readiness Team (US-CERT).
CERT issued an alert on Monday noting the existence of the account, which is found in printers manufactured by Samsung and sold under both the Dell and Samsung brands up until October 31, 2012.
The hard-coded SNMP (Simple Network Management Protocol) password allows full, administrative read-write privileges and remains active even if SNMP is disabled using the printer’s management console, CERT warned.
SNMP is a standard protocol that is used for managing internet-enabled devices on a network. According to CERT, a remote attacker could access a Samsung printer without needing to authenticate (sign in) to it.
Using knowledge of the password, a malicious hacker could make changes to the device configuration and access sensitive information on the device, including its network information and credentials.
The printer could also be used as a base to make attacks on other network devices, CERT warned.
Samsung is readying a fix and said it will release a patch tool “later this year” to address vulnerable devices.
The vulnerability alert does not list which printers are affected, but notes that printers released after October 31st 2012 are not affected. That means, potentially, that all Samsung model printers released before this month contain the backdoor account and are vulnerable.
As for the Dell models, Samsung builds Dell printers such as the B1160w, which is modeled after Samsung’s ML-2165W compact all-in-one printer. It’s unclear what other Dell-branded printers may be affected.
Printers are a generally overlooked bit of network infrastructure, despite the fact that modern, networked printers have many of the same attributes as regular desktop systems, and might store thousands of pages of confidential document images, to boot.
In recent years, printer vendors like HP have been forced to rush patches to users after critical vulnerabilities were discovered in firmware run by their printers.
The issue of printer security also got attention last year, when researchers at Columbia University claimed they had discovered a security vulnerability that affected “tens of millions” of HP LaserJet printers and that could, potentially, allow a remote attacker to cause physical damage to vulnerable systems – and potentially cause them to burst into flames.
While claims about fiery hacks were widely debunked, the systems remained open to remote compromise.
CERT advises organizations that use Samsung printers to restrict access to them over networks, allowing connections only from trusted hosts and networks to prevent attackers from accessing the SNMP interface needed to enter the hard-coded user name and password.
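One way to check that the restriction CERT recommends is actually holding, as an added example that is not part of the original article: it scans flow records for SNMP traffic that reaches printers from hosts outside a trusted list. The addresses, the record format and the policy lists are constructed assumptions.

```python
import ipaddress

# Assumed site policy; all addresses are constructed (documentation ranges).
PRINTER_NETS = [ipaddress.ip_network("192.0.2.0/28")]
TRUSTED_SOURCES = [
    ipaddress.ip_network("198.51.100.10/32"),  # management station
    ipaddress.ip_network("198.51.100.64/27"),  # admin subnet
]
SNMP_PORT = 161  # SNMP agents listen on UDP/161

# Constructed flow records in an assumed "src dst proto dport" format.
SAMPLE_FLOWS = """\
198.51.100.10 192.0.2.5 udp 161
203.0.113.77 192.0.2.5 udp 161
198.51.100.70 192.0.2.9 udp 161
198.51.100.200 192.0.2.9 udp 161
203.0.113.77 192.0.2.5 tcp 9100
198.51.100.10 192.0.2.40 udp 161
garbage line
"""

def in_any(addr, nets):
    return any(addr in net for net in nets)

def parse_flow(line):
    """Return (src, dst, proto, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]))
    except ValueError:
        return None

def untrusted_snmp(flow_text):
    """List (src, dst) pairs where SNMP reached a printer from an untrusted source."""
    hits = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip records that cannot be parsed
        src, dst, proto, dport = flow
        if (proto == "udp" and dport == SNMP_PORT
                and in_any(dst, PRINTER_NETS)
                and not in_any(src, TRUSTED_SOURCES)):
            hits.append((str(src), str(dst)))
    return hits

if __name__ == "__main__":
    for src, dst in untrusted_snmp(SAMPLE_FLOWS):
        print(f"SNMP to printer {dst} from untrusted host {src}")
```

Any hit means a filter in front of the printers is missing or too broad; because CERT notes the account stays active even when SNMP is switched off in the management console, the network filter is the control being verified here.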
Update: Samsung has been in touch with Naked Security and offered the following statement:
Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.
We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made.
For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.