Printed from http://www.electronista.com

US-CERT: Samsung printers vulnerable to remote attack

updated 02:13 am EST, Fri November 30, 2012

Flaw in Samsung's SNMP implementation to blame for exploit

Printers manufactured by Samsung have been found to have a glaring security weakness -- most all models built before October 31, 2012 have a backdoor administrator account that could enable attackers to modify configurations, read network information, access stored credentials, and potentially execute malicious code. The SNMP account in the printers reportedly has full read and write permissions, and remains accessible to network assault even when turned off using the printer's maintenance utility.

The US Computer Emergency Readiness Team (US-CERT) said in a report about the flaw that "Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices." The group recommends that users restrict access to the printers, allowing SNMP access only from trusted host IP addresses, MAC address filtering, or only allowing access from network segments known to be safe, which would limit the ability of hackers to use the hardcoded credentials.

US-CERT did not publicize a list of affected printers, but noted that Dell-branded printers manufactured by Samsung were affected by the flaw as well. Disabling SNMPv1 and 2 on a network-level will prevent this exploit from being executed. SNMPv3 mode is considered secure.



By Electronista Staff
toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News