x404.co.uk http://www.x404.co.uk/forum/ |
|
Samsung printers contain hardcoded backdoor account, US-CERT http://www.x404.co.uk/forum/viewtopic.php?f=4&t=17765 |
Page 1 of 1 |
Author: | Amnesia10 [ Fri Nov 30, 2012 4:02 am ] | |||||||||
Post subject: | Samsung printers contain hardcoded backdoor account, US-CERT | |||||||||
Samsung printers contain hardcoded backdoor account, US-CERT warns http://www.computerworld.com/s/article/print/9234079/Samsung_printers_contain_hardcoded_backdoor_account_US_CERT_warns
|
Author: | jonbwfc [ Fri Nov 30, 2012 9:04 am ] |
Post subject: | Re: Samsung printers contain hardcoded backdoor account, US-CERT |
Remind me again, is SNMP a routable protocol? If it isn't, you'd actually have to be on the same network segment as the printer to access the data. Jon |
Author: | JJW009 [ Fri Nov 30, 2012 11:02 am ] | |||||||||
Post subject: | Re: Samsung printers contain hardcoded backdoor account, US-CERT | |||||||||
Not sure what you mean there. SNMP goes over TCP/IP so it's routable, but you'd still need a route to get to it. Also, the article implies that it's not SNMP that's the problem per say. It's that the SNMP user has full access rights to the admin interface. I doubt many people arbitrarily port-forward to their printers so an external attack isn't that likely, but it's still a bit naff to have a hard-coded back door. Naff... but not unusual! |
Author: | jonbwfc [ Fri Nov 30, 2012 3:05 pm ] | |||||||||||||||||||||||||||
Post subject: | Re: Samsung printers contain hardcoded backdoor account, US-CERT | |||||||||||||||||||||||||||
There are routing protocols, routed protocols and non-routed protocols. I thought SNMP might be one of the non-routed protocols but it appears I was mistaken.
Sadly, with the growth of 'the cloud' it's increasingly the case that firms are making connected devices like printers and NAS boxes more internet visible than you might expect. You'd assume a sysadmin would insist on them being blocked at the perimeter and external access only via VPN but sadly some firms don't actually have a sysadmin (they just get in contract IT help as and when) and sometimes the sysadmin gets over-ruled by someone high enough up in the business hierarchy. I suspect there are far more of the printers that are vulnerable to this exploit visible on the internet than either of us would hope. Jon |
Author: | ShockWaffle [ Sat Dec 01, 2012 3:53 am ] | |||||||||
Post subject: | Re: Samsung printers contain hardcoded backdoor account, US-CERT | |||||||||
The series of coincidences and absurd decisions required to end up with a public IP forwarding unfiltered SNMP traffic to a Samsung printer that is capable of returning the traffic back to the internet, and then for that IP to be known and exploited by a hacker who could be bothered attacking a printer, must be statistically so improbable that I would be amazed if any ever gets hacked. Conversely, there are probably millions that are sitting on LANs right now with no password on their web interfaces. |
Author: | JJW009 [ Sat Dec 01, 2012 9:53 am ] |
Post subject: | Re: Samsung printers contain hardcoded backdoor account, US-CERT |
I do actually remember reading an article recently about someone who's printer started producing reams of junk. I can't for the life of me remember exactly what the cause was exactly, but I do have vague recollections of it being "cloud" related and malicious. |
Author: | ProfessorF [ Sat Dec 01, 2012 11:09 am ] |
Post subject: | Re: Samsung printers contain hardcoded backdoor account, US-CERT |
This one? This one is also interesting. |
Author: | JJW009 [ Sat Dec 01, 2012 11:42 am ] | |||||||||
Post subject: | Re: Samsung printers contain hardcoded backdoor account, US-CERT | |||||||||
I think the first one is probably the virus in the story I read. The second story is well worth a read, and specifically relevant to this thread is this one quote:
|
Author: | jonbwfc [ Sat Dec 01, 2012 2:11 pm ] |
Post subject: | Re: Samsung printers contain hardcoded backdoor account, US-CERT |
Jon's second law : It's impossible to over-estimate the stupidity of people once they connect to the internet. |
Page 1 of 1 | All times are UTC |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |