Hardcoded account in Samsung printers provides backdoor for attackers
US-CERT has issued an alert warning users of Samsung printers and some Dell printers manufactured by Samsung about the presence of a hardcoded account that could allow remote attackers to access an affected device with administrative privileges.
This privileged access could also be used to change the device configuration, access sensitive information stored on it (credentials, network configuration, etc.), and even to mount additional attacks through arbitrary code execution, US-CERT claims.
The hardcoded account is present in all printers released before October 31, 2012 – and that’s a lot of printers. Still, Samsung is not rushing out a patch – the manufacturer has only said that it will be pushed out “later this year.”
“As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location,” US-CERT advises, especially because the hardcoded account remains active even if SNMP is disabled in the printer management utility.
UPDATE: Samsung reached out to us to day, issuing a helpful statement about this problem:
Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.
We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made.
For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.