Researcher reveals backdoor access in Samsung printers

Researcher reveals backdoor access in Samsung printers

Summary: Samsung printers contain a hardcoded backdoor account that could allow remote network access exploitation and device control via SNMP. Details of the exploit have been published.

SHARE:
TOPICS: Samsung, Security
10

A researcher has alerted the U.S. Computer Emergency Readiness Team (US-CERT) that Samsung printer firmware contains a hardcoded backdoor administrator account that could allow remote network access exploitation and device control.

samsung

The admin account does not require verification, opening up the devices and users' networks to potentially serious remote attacks. 

At the time of making the vulnerability note public US-CERT reported:

Samsung has stated that models released after October 31, 2012 are not affected by this vulnerability.

Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices.

When asked for comment Samsung's Public Relations Manager told us,

Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year.

Security researcher Neil Smith reported the discovery to US-CERT on November 26. Mr. Smith has since published details of the Samsung Printer SNMP Backdoor to his Tumblr.

So if you have a Samsung printer that isn't one month old, until Samsung releases its patch US-CERT tells us that some printer owners might be vulnerable to:

A remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution.

A successful attacker could almost certainly read print jobs. People assume that what's going to their printer is private - such as payroll data, tax forms, contracts, etc.

At this time, Samsung appears to have pulled all of its printer firmware from its support pages.

Samsung printers contain a hardcoded SNMP full read-write community string. According to US-CERT. it remains active even when SNMP is disabled in the printer management utility.

This runs counter to what Samsung's Public Relations Manager told me via email today saying, "The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made."

Some Dell printers manufactured by Samsung also have the admin account backdoor access. 

In case you're not familiar, SNMP is an Internet-standard protocol that network adminisrators use to manage connected devices such as routers, servers, printers, hubs and more.

Smith tweeted, "This isn't remote code execution. But it allows for remote firmware update over the wire."

US-CERT recommends users implement general security prophylactics until the issue is resolved: namely, restricted device access and to "only allow connections from trusted hosts and networks."

Pro tip: be sure over the holidays to tell your mom to do a printer firmware update.

UPDATE 11/28: Added Samsung's statement in full,

Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. 

The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.

We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. 

Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. 

However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made.

For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.

Topics: Samsung, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • sniffer

    so every printer can become a sniffer on your network?
    pat@...
  • Samsung printer

    So log into the management application for your Samsung printer and change the default admin and passwords. Use some common sense when installing and managing your network devices.
    Jaytmoon
    • hardcoded

      @Jaytmoon You can't for this hidden admin account. That's part of the problem.
      Violet Blue
      • backdoor

        So it would seem to be an snmp protocol backdoor. I know there is a firmware update in the works but, if snmp is disabled in the settings, wouldn't that make the issue mute? besides our network is behind several baracuda's
        Jaytmoon
    • Changing passwords

      Backdoor access is not thru the normal admin password. What good would that do? Then again most people don't allow their printer to be accessed from the net. How big of an issue is this really?
      Dameadows
      • Could be significant

        As mine can email and scan direct in addition to be a wireless unit.
        rhonin
  • Backdoor already used

    I wonder how many Apple employees are using Samsung printers?
    philetus
    • That's why they're so good at copying...

      But lets all praise Samsung for being innovative when they can just intercept and print out their competitors secrets in Korea. Nothing but a bunch of spying crooks!

      The US should ban all SAMSUNG products for national security reasons. Who knows how many government or defense agencies are using their printers as well. And do you think they would just stop at printers? Enjoy that new smartphone or tablet they're practically giving away for free these days!
      Troythestargazer66
      • Calm down...

        ...take a few deep breaths, then consider going to see your shrink to treat a potentially serious case of paranoia.
        cavehomme1
  • why is it there in the first place?

    Lot's of sorry, we will fix it from Samsung, but no explanation as to why it was there in the first place.
    Al_nyc