Samsung to issue updates in response to printer alert

Nov 29, 2012 by Nancy Owano report

(Phys.org)—Samsung has issued a response to CERT's vulnerability advisory about Samsung networked printers, but the response may have left printer owners wondering what to do next. Samsung said that it is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. "The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP." The company offered the reminder that it takes all matters of security seriously. It said that it was not aware of any customers affected by this vulnerability. Samsung said that it intends to release updated firmware for all current models by November 30, and all other models will receive an update by the end of the year.

Nonetheless, it added, any customers concerned about the vulnerability can disable SNMPv1 and v2 or use the secure SNMPv3 mode until the firmware updates are made.

Samsung's SNMP advice, however, appeared to generate more questions than answers, motivating at least one news service, CNET, to contact Samsung in order to clarify the issue.

That is because the U.S. Computer Emergency Response Team (CERT) Vulnerability Note (VU#281284), issued first on November 26 and then revised on Wednesday, said that a hardcoded Simple Network Management Protocol (SNMP) full read-write community string remains active even when SNMP is disabled in the management utility. The account in the firmware will still allow access to the device even if management functions are disabled in the printer's software utility.

The CERT warning spoke about a Samsung printer firmware backdoor administrator account. This is a hardcoded account in the printers that could allow a remote attacker to take control of an affected device. The note pertained to Samsung printers as well as some Dell printers manufactured by Samsung. "A remote, unauthenticated attacker could access an affected device with administrative privileges," US-CERT said. "Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution."

CERT then referenced that the "reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks."

Samsung and Dell have stated that any models released after October 31 of this year are not affected by this vulnerability.

The CERT note was a result of findings by Neil Smith, a security researcher, who then contacted US-CERT on November 26, telling them that Samsung printer firmware contains a hardcoded backdoor administrator account that could allow remote network access exploitation and device control.

More information: www.kb.cert.org/vuls/id/281284

User comments : 1

h20dr
not rated yet Nov 29, 2012
It's all Greek to me... Good thing I have an Epson... Or maybe not? Lol