Owners of certain Samsung printers may find their devices a target for hackers.
Samsung printers and some Dell printers made by Samsung have a hardcoded account that someone could use to control and access information on the devices, according to US-CERT (United States Computer Emergency Readiness Team).
As described by the security team, these printers contain a hardcoded SNMP (Simple Network Management Protocol) string that has full read/write access and stays active even if SNMP is disabled by the user.
"A remote, unauthenticated attacker could access an affected device with administrative privileges," US-CERT said. "Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution."
Samsung is aware of the flaw and has said that printers released after October 31 of this year don't contain this weakness. The company has promised to release a patch before the end of the year to shore up the hole.
In the meantime, US-CERT advises potentially affected users to set their firewalls to allow only connections from trusted hosts and networks. This would prevent hackers connecting from blocked network locations from gaining access to your printer via the hardcoded account. The process varies from product to product, but a US-CERT Web page offers some security tips on firewall configuration.
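One way to check that such a firewall restriction is actually holding, as an added example that is not from US-CERT, Samsung or the original article: the script below reads flow records and reports any allowed SNMP request (UDP port 161) that reached a printer from outside the trusted networks. The log format, the addresses and the trusted subnet are constructed assumptions.

```python
import ipaddress

SNMP_PORT = 161  # UDP port on which SNMP agents listen

# Assumed policy for illustration; none of these values come from the article.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # management subnet
PRINTERS = {ipaddress.ip_address("10.30.5.17"), ipaddress.ip_address("10.30.5.18")}

# Constructed flow records: "timestamp proto src_ip:port dst_ip:port action"
SAMPLE_FLOWS = """\
2024-01-15T09:14:02Z udp 10.20.0.15:51234 10.30.5.17:161 ALLOW
2024-01-15T09:14:09Z udp 192.0.2.44:40112 10.30.5.17:161 ALLOW
2024-01-15T09:15:40Z udp 192.0.2.44:40113 10.30.5.18:161 DENY
2024-01-15T09:16:01Z tcp 10.40.1.9:50500 10.30.5.17:9100 ALLOW
malformed line
2024-01-15T09:17:33Z udp 10.40.1.9:50622 10.30.5.18:161 ALLOW
"""

def parse_flow(line):
    """Parse one IPv4 flow record; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, proto, src, dst, action = parts
    try:
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_host, dst_port = dst.rsplit(":", 1)
        return (ts, proto.lower(), src_ip, ipaddress.ip_address(dst_host),
                int(dst_port), action.upper())
    except ValueError:
        return None

def untrusted_snmp_flows(log_text, printers=PRINTERS, trusted=TRUSTED_NETS):
    """Return (timestamp, source, printer) for allowed SNMP flows from untrusted hosts."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        ts, proto, src, dst, dport, action = rec
        if proto != "udp" or dport != SNMP_PORT or dst not in printers:
            continue  # not SNMP traffic to a printer
        if action != "ALLOW" or any(src in net for net in trusted):
            continue  # blocked by the firewall, or sent by a trusted host
        findings.append((ts, str(src), str(dst)))
    return findings

if __name__ == "__main__":
    for ts, src, dst in untrusted_snmp_flows(SAMPLE_FLOWS):
        print(f"{ts} untrusted host {src} reached SNMP on printer {dst}")
```

Any line it reports means the firewall rule is missing or too broad for that printer.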
If you do own a Samsung or Dell printer, how can you tell if you're affected by the flaw? A spokesman for US-CERT told CNET that aside from checking the manufacturing date, your best bet is to contact Samsung or Dell technical support directly.
A Samsung spokesperson told CNET that the issue affects printers only when SNMP is enabled, so disabling the protocol should resolve the problem. However, that seems to contradict the information provided by US-CERT in its security note. CNET has contacted both Samsung and CERT to clarify this issue.
The Samsung spokesperson also provided the following statement:
"We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made. For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers."
The flaw was first reported by security researcher Neil Smith, according to ZDNet. In a tweet, Smith revealed a few details about the flaw but said he found it frustrating working with Samsung on the issue.
Updated 11:00 a.m. and 11:30 a.m. PT with responses from US-CERT and Samsung.