Printers and other peripheral devices are often overlooked when it comes to keeping systems and software up-to-date. But back doors that give cyber criminals access to sensitive corporate data are more common than you might think.
Case in point: the United States Computer Emergency Readiness Team (US-CERT), which is sponsored by the Department of Homeland Security, just issued a security advisory alerting the public to an issue with network printers manufactured by Samsung.
This comes a year after two researchers from Columbia University publicized a vulnerability they discovered in HP LaserJet printers.
Samsung-branded printers and some Dell-branded printers manufactured by Samsung are included in US-CERT’s security advisory. These network printers (US-CERT didn’t say which models) have a backdoor administrator account hardcoded in their firmware. Gaining access to this account on an affected device could enable a remote attacker to take control of it.
US-CERT says the account, which does not require authentication, can be accessed via the printers’ Simple Network Management Protocol (SNMP) interface. With read/write privileges, an attacker could make configuration changes, access device and network information, credentials and documents stored on the printer’s hard drive, and possibly launch cyber attacks through arbitrary code execution.
Fixing the flaw
Both Samsung and Dell have said models released after October 31, 2012 don’t have the backdoor administrator account. They also said they plan to release a patch tool later this year.
In the meantime, Samsung says end users can disable SNMPv1 and SNMPv2 or use SNMPv3 until the firmware updates are released. However, US-CERT warns the code with the vulnerability remains active even when the SNMP interface is disabled in the printer management utility.
US-CERT advises end users to restrict access via IP and MAC address filtering.
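Because the vulnerable code stays active even with SNMP disabled in the management utility, it is worth checking that the IP and MAC filtering is actually holding by looking for SNMP traffic that reaches printers from outside the management allowlist. The Python below is an added example, not code from US-CERT, Samsung or Dell; the flow-record format, all addresses, and the names PRINTERS, ALLOWED_NETS, ALLOWED_MACS and snmp_filter_violations are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Assumed inventory and allowlist (all values constructed for this example).
PRINTERS = {ipaddress.ip_address("10.20.30.40"), ipaddress.ip_address("10.20.30.41")}
ALLOWED_NETS = [ipaddress.ip_network("10.20.1.0/28")]  # management subnet
ALLOWED_MACS = {"00:11:22:33:44:55"}                   # management station NIC
SNMP_PORTS = {161}                                     # SNMP agent port (UDP)

# Constructed flow records: time,src_ip,src_mac,dst_ip,proto,dst_port
SAMPLE_FLOWS = """\
2012-11-27T09:00:01,10.20.1.5,00:11:22:33:44:55,10.20.30.40,udp,161
2012-11-27T09:02:13,10.20.77.9,66:77:88:99:aa:bb,10.20.30.40,udp,161
2012-11-27T09:03:40,10.20.1.5,de:ad:be:ef:00:01,10.20.30.41,udp,161
2012-11-27T09:04:02,10.20.77.9,66:77:88:99:aa:bb,10.20.30.40,tcp,9100
2012-11-27T09:05:55,192.0.2.10,aa:bb:cc:dd:ee:ff,10.20.30.41,UDP,161
"""

def snmp_filter_violations(flow_text):
    """Return (time, src_ip, dst_ip, reason) for SNMP flows the filter should have blocked."""
    violations = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 6:
            continue  # skip malformed records
        ts, src_ip, src_mac, dst_ip, proto, dport = (f.strip() for f in row)
        try:
            src = ipaddress.ip_address(src_ip)
            dst = ipaddress.ip_address(dst_ip)
            port = int(dport)
        except ValueError:
            continue  # unparseable address or port
        if dst not in PRINTERS or proto.lower() != "udp" or port not in SNMP_PORTS:
            continue  # not SNMP traffic to a printer
        if not any(src in net for net in ALLOWED_NETS):
            violations.append((ts, src_ip, dst_ip, "source IP not allowlisted"))
        elif src_mac.lower() not in ALLOWED_MACS:
            violations.append((ts, src_ip, dst_ip, "source MAC not allowlisted"))
    return violations

if __name__ == "__main__":
    for v in snmp_filter_violations(SAMPLE_FLOWS):
        print(*v, sep="  ")
```

Any row it reports means an SNMP request reached a printer from a host the filter was supposed to exclude, so the ACL or switch port configuration needs another look.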
Whether you have any network printers manufactured by Samsung or not, this latest security advisory is a reminder that it’s a good idea to make sure your network printers are as secure as they can be. In addition to restricting access and keeping the firmware up-to-date, you should:
- Require authentication
- Overwrite data after every print job, and
- Change the default passwords.