Samsung, Dell printers contain admin backdoor hard coded in firmware

Oops. Samsung’s been a bad boy — or at minimum very, very careless.

TheĀ U.S. Computer Emergency Readiness Team (US-CERT) revealed that Samsung printers (and some Dell printers manufactured by Samsung) contain a hardcoded backdoor which could allow access to hackers, who could then make changes to the device, see information and data passed to the printer, and possibly use the printer as a vector for further attacks inside a company’s network.

The backdoor operates over SNMP, the simple network management protocol, and remains active even when SNMP is disabled. Even worse, it does not require any authentication … meaning that blackhats who are aware of the vulnerability can simply walk right in.

If you’ve just bought a printer, you’re likely safe: Models released after October 31st, 2012 are not affected. A patch will be released “shortly,” Samsung and Dell have said.

Vulnerable organizations that need a fix instantly, network administrators can block the custom SNMP port, CERT said. Another suggestion — and good network practice — is to only allow connections from trusted sources.

photo credit: alles-schlumpf via photopin cc

0 comments