Samsung will issue firmware fix for printer security flaw on Friday

Samsung said disabling older versions of SNMP on the printers would protect them, contradicting an earlier security warning from US-CERT

Samsung Electronics will close a security hole in the firmware of some of its printers by issuing an update on Friday, and said they could be protected by disabling SNMP.

The affected printers have a backdoor administrator account hard-coded in their firmware that does not require authentication and can be accessed over the Simple Network Management Protocol (SNMP) interface, the U.S. Computer Emergency Readiness Team (US-CERT) said earlier this week in an advisory.

The affected Samsung printers, and some Dell printers made by Samsung, contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility, US-CERT said.

SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.

Attackers could potentially change a printer's configuration, read its network information or stored credentials, and access sensitive information passed to it by users, US-CERT said. It recommended blocking the port used to access SNMP in the network.

However, Samsung played down the danger. The problem only affects the printers when SNMP is enabled, and is resolved by disabling SNMP, Samsung said in a statement on Wednesday.

"For customers that are concerned, we encourage them to disable SNMP v1,2 or use the secure SNMPv3 mode until the firmware updates are made," Samsung said.

It is releasing updated firmware for all current models, with all other models receiving an update by the end of the year. Samsung did not name the models affected.

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

More about: CERT, Dell, Samsung, Samsung Electronics, SNMP
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: peripherals, Printers, security, Samsung Electronics, Exploits / vulnerabilities
Whitepapers
All whitepapers

EscapeNet enjoys life as an indie ISP

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia