Samsung will issue firmware fix for printer security flaw on Friday

Samsung said disabling older versions of SNMP on the printers would protect them, contradicting an earlier security warning from US-CERT

John Ribeiro (IDG News Service)
29 November, 2012 11:03
Comments

Samsung Electronics will close a security hole in the firmware of some of its printers by issuing an update on Friday, and said they could be protected by disabling SNMP.

The affected printers have a backdoor administrator account hard-coded in their firmware that does not require authentication and can be accessed over the Simple Network Management Protocol (SNMP) interface, the U.S. Computer Emergency Readiness Team (US-CERT) said earlier this week in an advisory.

The affected Samsung printers, and some Dell printers made by Samsung, contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility, US-CERT said.

SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.

Attackers could potentially change a printer's configuration, read its network information or stored credentials, and access sensitive information passed to it by users, US-CERT said. It recommended blocking the port used to access SNMP in the network.

However, Samsung played down the danger. The problem only affects the printers when SNMP is enabled, and is resolved by disabling SNMP, Samsung said in a statement on Wednesday.

"For customers that are concerned, we encourage them to disable SNMP v1,2 or use the secure SNMPv3 mode until the firmware updates are made," Samsung said.

It is releasing updated firmware for all current models, with all other models receiving an update by the end of the year. Samsung did not name the models affected.

"Importing and employing temporary or permanent migrants to fill any "skills shortages" ..."

Skill shortages? Not if you pay or train
"Here is the problem, i recently fixed an old computer & now ..."

Dell replays Windows 8 blame card as PC sales slide
"Please build a base station to cover the whole Whitsunday area! We ..."

Telstra continues with billion dollar 4G plan
"I hope they start work in Proserpine, Queensland soon! Can't wait to ..."

What’s life really like on the NBN? (Part II)
"The guys who created ethernet are nothing like the startup kids today. ..."

40 years ago, Ethernet's fathers were the startup kids

Tags: peripherals, Printers, security, Samsung Electronics, Exploits / vulnerabilities

Whitepapers

All whitepapers

Most Read

Sign up now to get free exclusive access to reports, research and invitation only events.

Most Commented

Featured Whitepapers

Spear-Phishing Email: Most Favored APT Attack Bait

This research paper presents findings on APT-related spear phishing from February to September 2012. We analysed APT-related spear-phishing emails collected throughout this period to understand and mitigate attacks. The information we gathered not only allowed us to obtain specific details on spear phishing but also on targeted attacks. We found, for instance, that 91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks.

Featured Download

Gadwin Web Snapshot

Gadwin Web Snapshot will effectively capture the entire page including all design elements when capturing web pages. It makes an image of the browser’s content ...

Zones

Most Popular Whitepapers

Clearing the Clouds for Midmarket Businesses

Cloud computing promises to help midmarket companies reduce cost and complexity in the IT equation – and gain the flexibility and agility they need to thrive. Yet charting a clear course to the cloud isn’t always easy. In this paper, we aim to clear the clouds. We examine different cloud computing models, discuss the types of requirements that each can best address, and consider what midmarket businesses should look for in a cloud solutions provider.

Popular tags: Business Management, Security, Storage, Data Centre, Virtualisation

Latest Jobs

FTTest Analyst (MS Environment) .netNSW
FTJob Title: Mac Systems/ Enterprise Systems EngineerNZ
FTTest Analyst (MS Environment) .netNSW
FTTechnical Consulting ManagerNSW
FTTest EngineerVIC
FTSenior Python Web Applications DeveloperNSW
FTFlash / ActionScript Developer - ContractNSW
FTWeb Analyst - WebTrendsVIC
FT1st Line Support EngineerNSW
FTSenior Python DeveloperNSW
FTSenior Python DeveloperNSW
FTOS Web Applications DeveloperNSW
FTR&D EngineerSA
FTLead Software EngineerSA
FTQuality ManagerSA
FT.NET - Sitecore Developer - Melbourne - PermNSW

Market Place

Samsung will issue firmware fix for printer security flaw on Friday

Recommended

Australian eHealth messaging trial a success

Pump-and-dump stock spam makes a comeback

More Australians are using mobiles to connect to ...

Google has 'lapped Siri' with sci-fi-like search

What’s life really like on the NBN? (Part II)

LogMeIn eyes opportunities in the Internet of Things

UPDATED: 4G in Australia: The state of the nation

iPhone 6 rumour rollup for the week ending May 17

Telstra continues with billion dollar 4G plan

NBN debate turns into slanging match

Turnbull blasts Labor over unsold spectrum in Digital Dividend

Australia lags Mongolia in Internet speeds

Conroy dismisses claims of NBN failing

Dell replays Windows 8 blame card as PC sales slide

Spear-Phishing Email: Most Favored APT Attack Bait

Building a Better Mousetrap in Anti-Malware

A Holistic Approach to your BYOD Challenge

2013 Global Information Security Survey: Initial findings

Gadwin Web Snapshot

Symantec Business Critical Virtualisation Content Zone

BlackBerry Enterprise Service 10 Zone

HP Tech Connect Resource Centre

Clearing the Clouds for Midmarket Businesses

Six Reasons to Empower Your SharePoint Citizen Developers

Hybrid IT Service Management: A Requirement for Virtualisation and Cloud Computing

Building Maturity and Experience in Successful Virtualisation Strategies

Deploying Flash in the Enterprise

Computerworld newsletter

Don't have an account?

Samsung will issue firmware fix for printer security flaw on Friday

Recommended

Computerworld newsletter