Sign in with
Sign up | Sign in

Some Samsung Printers Prone to Hacks

By - Source: ZDNet | B 12 comments

Patch set to address security hole before 2013 arrives.

Certain printers created by Samsung feature a hardcoded account that leaves them open to potential hacks.

Samsung printers and a select amount of Dell printers made by the Samsung have a hardcoded account which could see a hacker controlling and access information on the devices, so says the US-CERT (United States Computer Emergency Readiness Team).

Such printers contain a hardcoded SNMP (Simple Network Management Protocol) string delivering both read and write access. It stays active even if the user disables the network protocol.

"A remote, unauthenticated attacker could access an affected device with administrative privileges," US-CERT said. "Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution."

Samsung responded by confirming it's aware of the flaw, with printers released after October 31 apparently not containing the security hole. A patch for the devices which are affected will be released by years end.

US-CERT advises those potentially affected to set their firewalls to allow connections from trusted hosts and networks. A Samsung spokesperson notified Cnet that the issue only affects printers that have SNMP enabled, subsequently seeing users disabling the protocol having the problem resolved.

Samsung's method of a fix, however, appears to contradict information provided by US-CERT within its security note. The technology giant clarified:

We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made. For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.
Display 12 Comments.
This thread is closed for comments
  • 0 Hide
    rangas , November 29, 2012 12:21 AM
    oh noo! my samsung!!
  • -1 Hide
    A Bad Day , November 29, 2012 1:15 AM
    Is Samsung going to email every customer affected? Because I'm pretty sure there are some people who don't even know that there's a Windows 8.
  • 9 Hide
    fuzzion , November 29, 2012 1:25 AM
    "no mum, i didnt print that porn, I was hacked"
  • 7 Hide
    brickman , November 29, 2012 3:43 AM
    Never knew Samsung made printers.

    Hope their refrigerators dont get hacked. Have ice cubes shooting out :p 
  • 1 Hide
    Thunderfox , November 29, 2012 3:47 AM
    The most likely thing I can see this being used for is to print trollfaces on random people's printers.
  • 0 Hide
    memadmax , November 29, 2012 4:52 AM
    Why would someone hack a printer for?
  • 3 Hide
    rantoc , November 29, 2012 5:41 AM
    memadmaxWhy would someone hack a printer for?

    Networked devices with their own SoC could be used for any number of applications. Rewrite the firmware and voila its a tad more than a printer....
  • 2 Hide
    freggo , November 29, 2012 9:22 AM
    Now the Nigerians can hack your printer and when you come to the office you find a half dozen certificates of selected Swiss funds available for withdrawal.
    The submit form for the transfer taxes will also have been printed for your convenience :-)

  • 1 Hide
    Anonymous , November 29, 2012 10:57 AM
    One more reason not to buy Samsung. It took them three months to replace a defective printer cartridge (kept failing to send, sent to wrong address, etc...). They also failed to promptly patch a bug on their hard drive controller which caused them to lockup. After these two incidents I swore I would never buy another Samsung product.
  • -1 Hide
    spartanmk2 , November 29, 2012 2:37 PM
    brickmanNever knew Samsung made printers. Hope their refrigerators dont get hacked. Have ice cubes shooting out

    Yeah i havent seen samsung printers either, that is HP territory (one of the few things HP makes that arent that bad)
  • 0 Hide
    Anonymous , November 29, 2012 2:38 PM
    So thats how hte goverments spyes on us....first the stored copies on laser printers and now this,btw most net devices have a hard coded accounts,printers ,faxes,laptops ,cellphones etc,etc.
  • -2 Hide
    A Bad Day , November 29, 2012 7:58 PM
    brickmanNever knew Samsung made printers. Hope their refrigerators dont get hacked. Have ice cubes shooting out

    I have a Samsung printer right next to me. An old black-and-white toner.