/>
X

Samsung printers contain hidden, hard-coded management account

Many Samsung printers contain a hidden device-management account that cannot be disabled, and could allow attackers to compromise networks.
michael-11.jpg
Written by Michael Lee, Journalist on

Samsung printers released before October 31, 2012, have been found to contain a hard-coded account that could allow an attacker to remotely take control of the device.

As described in a vulnerability note released by the US Computer Emergency Response Team (CERT), affected printers have a Simple Network Management Protocol (SNMP) account programmed into their firmware. This account continues to permit access to the device even if SNMP functions are disabled in the printer's management utility. Some Dell printers manufactured by Samsung are also affected.

SNMP allows administrators to manage or monitor networked devices, such as printers, routers, or even servers, meaning that attackers could easily change any of the affected printers' settings. An attacker could also capture any network traffic that the printer would normally have access to.

The vulnerability note also states that when compromised this way, an attacker could use the printer to execute further attacks. Such an example could include finding another vulnerability in the device to allow the attacker to execute arbitrary code.

Samsung is working on releasing a patch to address the vulnerable devices, and expects to release it later this year.

Related

Are you ready for the worst Economy Class airline seats in the world?
airline-seats.jpg

Are you ready for the worst Economy Class airline seats in the world?

Business
Remote working vs back to the office: Benefits are clear, but there could be trouble ahead for some
A middle aged man in casual attire sat at his computer desk speaking to colleagues via a split-screen video chat application

Remote working vs back to the office: Benefits are clear, but there could be trouble ahead for some

Professional Development
Microsoft Azure-certified roles are well-paid, and you can study for certification for $39
replace-this-image.jpg

Microsoft Azure-certified roles are well-paid, and you can study for certification for $39

Deals