The United States Computer Emergency Readiness Team (US-CERT) has issued a warning about the threat posed by hard-coded passwords on some Samsung and Dell printers.
The CERT advisory warns that a remote attacker can use the hard-coded password to gain administrative privileges and to view sensitive device and network information, as well as credentials and other data passed to the printer. While experts say the threat posed by endpoint devices such as printers is minimal, the devices could be leveraged by an attacker to gain access to more critical systems.
"Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information … and the ability to leverage further attacks through arbitrary code execution," according to the CERT advisory issued on Monday.
The issue impacts Samsung printers and some Dell printers manufactured by Samsung, according to CERT. The affected devices "contain a hard-coded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility."
Models released after Oct. 31 are not affected by the vulnerability.
Samsung to issue update Nov. 30
Samsung issued a statement acknowledging the issue. The company said it was not aware of any printer owners targeted by attackers attempting to exploit the vulnerability.
"Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP."
Updated firmware for current models is expected Nov. 30. An update will be available for other models by the end of the year, the company said. "However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made."
Businesses that are concerned can contact Samsung customer service at 1-866-SAM4BIZ.
Embedded device security has slowly gained interest at enterprises dealing with extremely sensitive data or concerned about protecting intellectual property. Last year, a team of researchers from Columbia University’s Department of Computer Science issued a study that warned that tens of millions of Hewlett-Packard printers were vulnerable to attack. Vulnerabilities in embedded devices, such as network printers, scanners and copiers, are typically difficult to patch, experts say. Instead, organizations can take steps to limit access to the devices.
A good security practice is to restrict access, only allowing connections from trusted hosts and networks. "Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location," CERT said.
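To check that both pieces of advice above are holding (no SNMPv1/v2c in use, and SNMP reaching printers only from trusted networks), a monitoring point can inspect datagrams sent to a printer's UDP port 161. The following is an added example, not code from CERT or Samsung; the trusted network, the sample packet and the function names are constructed for illustration.

```python
import ipaddress

# Assumed management network allowed to query printers (constructed value).
TRUSTED = [ipaddress.ip_network("10.20.0.0/28")]
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
# Constructed SNMPv2c GetRequest for sysDescr.0 with community "example".
SAMPLE_V2C = bytes.fromhex(
    "3027020101" "04076578616d706c65"
    "a019020101020100020100300e300c06082b060102010101000500")

def _tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated")
    return tag, buf[pos:pos + length], pos + length

def snmp_header(payload):
    """Return (version_name, community or None) for an SNMP message."""
    tag, body, _ = _tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, ver, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version")
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    tag, val, _ = _tlv(body, pos)
    # v1/v2c carry a cleartext community here; v3 carries a SEQUENCE instead.
    return version, (val.decode("latin-1") if tag == 0x04 else None)

def review(src_ip, payload, trusted=TRUSTED):
    """Return findings for one datagram sent to a printer's UDP/161."""
    try:
        version, _community = snmp_header(payload)
    except (ValueError, IndexError):
        return ["malformed SNMP datagram"]
    findings = []
    if not any(ipaddress.ip_address(src_ip) in net for net in trusted):
        findings.append("source outside trusted management networks")
    if version in ("v1", "v2c"):
        findings.append(f"{version} request with cleartext community string")
    return findings

if __name__ == "__main__":
    print(review("192.0.2.50", SAMPLE_V2C))
```

Any finding for a printer that is supposed to have SNMPv1/v2c disabled is worth investigating, since the advisory states the hard-coded community string stays active regardless of the management utility setting.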