Certain printers created by Samsung feature a hardcoded account that leaves them open to potential hacks.
Samsung printers and a select number of Dell printers made by Samsung have a hardcoded account that could let a hacker take control of the devices and access information on them, according to US-CERT (United States Computer Emergency Readiness Team).
Such printers contain a hardcoded SNMP (Simple Network Management Protocol) community string that grants both read and write access. It stays active even if the user disables SNMP on the device.
"A remote, unauthenticated attacker could access an affected device with administrative privileges," US-CERT said. "Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution."
Samsung responded by confirming it is aware of the flaw, and said printers released after October 31 apparently do not contain the security hole. A patch for the affected devices will be released by year's end.
US-CERT advises those potentially affected to set their firewalls to allow connections only from trusted hosts and networks. A Samsung spokesperson told CNET that the issue only affects printers that have SNMP enabled, so users who disable the protocol would have the problem resolved.
Samsung's suggested fix, however, appears to contradict information provided by US-CERT in its security note. The technology giant clarified:
We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made. For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.