Samsung printers contain hidden, hard-coded management account

Summary: Many Samsung printers contain a hidden device-management account that cannot be disabled, and could allow attackers to compromise networks.

Samsung printers released before October 31, 2012, have been found to contain a hard-coded account that could allow an attacker to remotely take control of the device.

As described in a vulnerability note released by the US Computer Emergency Response Team (CERT), affected printers have a Simple Network Management Protocol (SNMP) account programmed into their firmware. This account continues to permit access to the device even if SNMP functions are disabled in the printer's management utility. Some Dell printers manufactured by Samsung are also affected.

SNMP allows administrators to manage or monitor networked devices, such as printers, routers, or even servers, meaning that attackers could easily change any of the affected printers' settings. An attacker could also capture any network traffic that the printer would normally have access to.

The vulnerability note also states that once a printer is compromised this way, an attacker could use it to execute further attacks. One example would be finding another vulnerability in the device that allows the attacker to execute arbitrary code.

Samsung is working on releasing a patch to address the vulnerable devices, and expects to release it later this year.

Topics: Security, Printers, Samsung

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.
