Samsung to issue firmware fix for printer security flaw on Friday
Samsung said disabling older versions of SNMP on the printers would protect them, contradicting an earlier security warning from US-CERT
IDG News Service - Samsung Electronics will close a security hole in the firmware of some of its printers by issuing an update on Friday, and said they could be protected by disabling SNMP.
The affected printers have a backdoor administrator account hard-coded in their firmware that does not require authentication and can be accessed over the Simple Network Management Protocol (SNMP) interface, the U.S. Computer Emergency Readiness Team (US-CERT) said earlier this week in an advisory.
The affected Samsung printers, and some Dell printers made by Samsung, contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility, US-CERT said.
SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.
Attackers could potentially change a printer's configuration, read its network information or stored credentials, and access sensitive information passed to it by users, US-CERT said. It recommended blocking the port used to access SNMP in the network.
However, Samsung played down the danger. The problem only affects the printers when SNMP is enabled, and is resolved by disabling SNMP, Samsung said in a statement on Wednesday.
"For customers that are concerned, we encourage them to disable SNMP v1,2 or use the secure SNMPv3 mode until the firmware updates are made," Samsung said.
It is releasing updated firmware for all current models, with all other models receiving an update by the end of the year. Samsung did not name the models affected.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- The Truth About Virtual Computing for CAD If you're a user of graphics-intensive software such as 3D modeling, simulation and analysis, and visualization, you might be skeptical about moving to...
- Simplifying Product Design In A Complex World Product design engineering has moved far beyond the confines of ever-more powerful workstations. Companies can't afford to restrict projects to using only local...
- A Reference Architecture for the Internet of Things The aim of this is to provide Architects and Developers of IoT projects with an effective starting point that covers the major requirements...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Hardware White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!