Samsung printers contain hidden, hard-coded management account

Summary: Many Samsung printers contain a hidden device-management account that cannot be disabled, and could allow attackers to compromise networks.

Samsung printers released before October 31, 2012, have been found to contain a hard-coded account that could allow an attacker to remotely take control of the device.

As described in a vulnerability note released by the US Computer Emergency Response Team (CERT), affected printers have a Simple Network Management Protocol (SNMP) account programmed into their firmware. This account continues to permit access to the device even if SNMP functions are disabled in the printer's management utility. Some Dell printers manufactured by Samsung are also affected.

SNMP allows administrators to manage or monitor networked devices, such as printers, routers, or even servers, meaning that attackers could easily change any of the affected printers' settings. An attacker could also capture any network traffic that the printer would normally have access to.

The vulnerability note also states that an attacker who has compromised a printer this way could use it to launch further attacks. One example would be finding another vulnerability in the device that allows the attacker to execute arbitrary code.

Samsung is working on releasing a patch to address the vulnerable devices, and expects to release it later this year.

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Talkback

1 comment
  • More Interesting

    is what I found out about printer hardware in a documentary I watched about planned obsolescence. When this one guy's printer suddenly stopped working, he did a search and came across a Russian program that sets a printer's counter to zero. He ran the program, and the printer worked perfectly again. It wasn't a Samsung, but I wouldn't consider such tricks beneath their competitors.
    hmmm,