[ISN] Samsung Printers Have Hidden Security Risk

From: InfoSec News <alerts_at_private>
Date: Thu, 29 Nov 2012 04:19:10 -0600 (CST)
http://www.informationweek.com/security/vulnerabilities/samsung-printers-have-hidden-security-ri/240142715

By Mathew J. Schwartz
InformationWeek
November 28, 2012

Some Samsung printers and Dell-branded printers manufactured by Samsung 
are vulnerable to being taken over remotely by an attacker.

That warning was made Monday by the U.S. Computer Emergency Readiness 
Team (CERT), which said that the affected printers "contain a hardcoded 
SNMP full read-write community string that remains active even when SNMP 
is disabled in the printer management utility." In other words, the 
printers have a hardcoded account in their firmware that can't be 
disabled by users. SNMP, or simple network management protocol, is a 
TCP/IP-based network protocol used to manage and monitor network device 
configuration.

As a result of the vulnerability, "a remote, unauthenticated attacker 
could access an affected device with administrative privileges," 
according to the CERT information security advisory. "Secondary impacts 
include: the ability to make changes to the device configuration, access 
to sensitive information -- e.g. device and network information, 
credentials, and information passed to the printer -- and the ability to 
leverage further attacks through arbitrary code execution." That means 
that after accessing the administrator account, attackers could 
theoretically transform the printer into a malware-spewing attack 
platform that's able to target any other network-connected device 
located inside the same network segment or firewall.

Samsung has acknowledged the vulnerability and promised to release a 
patch within days. "Samsung is aware of and has resolved the security 
issue affecting Samsung network printers and multifunction devices. The 
issue affects devices only when SNMP is enabled, and is resolved by 
disabling SNMP," said Samsung spokesman Reuben Staines via email. "We 
take all matters of security very seriously and we are not aware of any 
customers who have been affected by this vulnerability. Samsung is 
committed to releasing updated firmware for all current models by 
November 30, with all other models receiving an update by the end of the 
year. However, for customers that are concerned, we encourage them to 
disable SNMPv1.2 or use the secure SNMPv3 mode until the firmware 
updates are made."

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Thu Nov 29 2012 - 02:19:10 PST

This archive was generated by hypermail 2.2.0 : Thu Nov 29 2012 - 02:35:22 PST