Hardcoded Password Enables Remote Attacks on Samsung Printers

Password woes apparently aren’t limited to endpoints. US-CERT issued an advisory Tuesday warning users of Samsung printers, including some Dell printers manufactured by Samsung, that a hardcoded password could enable remote code execution.

“Samsung printers contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility,” the CERT advisory said.

In addition to leveraging the printer for a downstream attack, an attacker could change how the printer is configured or access device and network information, device credentials and other information passed to the printer, CERT said.

Samsung said that models released after Oct. 31 are not vulnerable.

“Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices,” the advisory said.

As a workaround, CERT suggests that administrators allow connections only from trusted hosts and networks, thus denying an attacker access to the SNMP interface using the hardcoded password.
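An added example, not from the advisory or this article: because the community string stays active even with SNMP disabled in the management utility, the network filter is the control to verify, and one way to do that is to scan firewall or flow logs for SNMP traffic reaching printers from outside the trusted management range. The log format, subnets, addresses and function names below are constructed assumptions.

```python
import ipaddress

# Constructed assumptions: adjust to your own network.
TRUSTED_SOURCES = [ipaddress.ip_network("10.0.5.0/28")]   # management hosts
PRINTER_NETS = [ipaddress.ip_network("10.0.20.0/24")]     # printer VLAN
SNMP_PORT = 161                                           # SNMP agent port

# Constructed flow records: timestamp proto src dst dport action
SAMPLE_FLOWS = """\
2000-01-01T10:00:01Z udp 10.0.5.4 10.0.20.15 161 ALLOW
2000-01-01T10:00:07Z udp 192.0.2.77 10.0.20.15 161 ALLOW
2000-01-01T10:01:12Z tcp 10.0.9.30 10.0.20.15 9100 ALLOW
2000-01-01T10:02:40Z udp 10.0.9.30 10.0.20.22 161 ALLOW
2000-01-01T10:03:05Z udp 198.51.100.9 10.0.20.22 161 DENY
not a flow record
"""

def in_any(addr, nets):
    return any(addr in net for net in nets)

def untrusted_snmp_flows(text):
    """Return SNMP flows to printers whose source is not a trusted host."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, proto, src, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip unparsable addresses or ports
        if port != SNMP_PORT or proto.lower() not in ("udp", "tcp"):
            continue
        if not in_any(dst_ip, PRINTER_NETS) or in_any(src_ip, TRUSTED_SOURCES):
            continue
        # ALLOW means the filter let it through (a gap); DENY means it was blocked.
        findings.append({"time": ts, "src": src, "dst": dst, "action": action})
    return findings

def acl_gaps(text):
    """Flows that actually reached a printer's SNMP port from untrusted hosts."""
    return [f for f in untrusted_snmp_flows(text) if f["action"] == "ALLOW"]

if __name__ == "__main__":
    for f in untrusted_snmp_flows(SAMPLE_FLOWS):
        print(f"{f['action']:5} {f['time']} {f['src']} -> {f['dst']}:161")
```

Any `ALLOW` finding means the trusted-hosts restriction is not in effect for that printer; `DENY` findings show the filter working and are worth reviewing as attempted access.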

Attacks against networked printers are nothing new. Last November, research from Columbia University concluded that tens of millions of printers, particularly older-model HP printers, contained firmware vulnerabilities that could allow attackers to remotely access networks. The printers’ remote firmware update function did not require authentication and was remotely accessible.

The Columbia researchers were also able to remotely cause the printer to smoke before its thermal switch triggered it to stop. They were also able to send copies of a tax return printed on the vulnerable printer to a remote computer.

A class action suit was filed against HP charging that the company violated consumer protection law by not disclosing printer vulnerabilities. The suit charged that HP’s printers did not require digitally signed updates and were therefore vulnerable to remote attack that put sensitive data at risk.

Also, at last December’s Chaos Communication Congress, researchers from the Polytechnic Institute of NYU used a rootkit to monitor incoming print jobs on HP printers.
