x404.co.uk
http://www.x404.co.uk/forum/

Samsung printers contain hardcoded backdoor account, US-CERT
http://www.x404.co.uk/forum/viewtopic.php?f=4&t=17765		 Page 1 of 1
Author:  Amnesia10 [ Fri Nov 30, 2012 4:02 am ]
Post subject:  Samsung printers contain hardcoded backdoor account, US-CERT
Samsung printers contain hardcoded backdoor account, US-CERT warns

http://www.computerworld.com/s/article/print/9234079/Samsung_printers_contain_hardcoded_backdoor_account_US_CERT_warns

Quote:
Printers manufactured by Samsung have a backdoor administrator account hard coded in their firmware that could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users.

The hardcoded account does not require authentication and can be accessed over the Simple Network Management Protocol (SNMP) interface of the affected printers, the U.S. Computer Emergency Readiness Team (US-CERT) said in a security advisory.

SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.

The SNMP account found in Samsung printers has full read and write permissions and remains accessible even if SNMP is disabled using the printer's management utility, US-CERT said.

"Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution," the organization said.

It's not just Samsung-branded printers that contain the administrative account, but also some Dell-branded printers manufactured by Samsung.
Author:  jonbwfc [ Fri Nov 30, 2012 9:04 am ]
Post subject:  Re: Samsung printers contain hardcoded backdoor account, US-CERT
Remind me again, is SNMP a routable protocol? If it isn't, you'd actually have to be on the same network segment as the printer to access the data.

Jon
Author:  JJW009 [ Fri Nov 30, 2012 11:02 am ]
Post subject:  Re: Samsung printers contain hardcoded backdoor account, US-CERT
jonbwfc wrote:
Remind me again, is SNMP a routable protocol? If it isn't, you'd actually have to be on the same network segment as the printer to access the data.

Not sure what you mean there. SNMP goes over TCP/IP so it's routable, but you'd still need a route to get to it. Also, the article implies that it's not SNMP that's the problem per say. It's that the SNMP user has full access rights to the admin interface.

I doubt many people arbitrarily port-forward to their printers so an external attack isn't that likely, but it's still a bit naff to have a hard-coded back door. Naff... but not unusual!
Author:  jonbwfc [ Fri Nov 30, 2012 3:05 pm ]
Post subject:  Re: Samsung printers contain hardcoded backdoor account, US-CERT
JJW009 wrote:
jonbwfc wrote:
Remind me again, is SNMP a routable protocol? If it isn't, you'd actually have to be on the same network segment as the printer to access the data.

Not sure what you mean there. SNMP goes over TCP/IP so it's routable, but you'd still need a route to get to it. Also, the article implies that it's not SNMP that's the problem per say. It's that the SNMP user has full access rights to the admin interface.

There are routing protocols, routed protocols and non-routed protocols. I thought SNMP might be one of the non-routed protocols but it appears I was mistaken.

JJW009 wrote:
I doubt many people arbitrarily port-forward to their printers so an external attack isn't that likely, but it's still a bit naff to have a hard-coded back door. Naff... but not unusual!

Sadly, with the growth of 'the cloud' it's increasingly the case that firms are making connected devices like printers and NAS boxes more internet visible than you might expect. You'd assume a sysadmin would insist on them being blocked at the perimeter and external access only via VPN but sadly some firms don't actually have a sysadmin (they just get in contract IT help as and when) and sometimes the sysadmin gets over-ruled by someone high enough up in the business hierarchy.

I suspect there are far more of the printers that are vulnerable to this exploit visible on the internet than either of us would hope.

Jon
Author:  ShockWaffle [ Sat Dec 01, 2012 3:53 am ]
Post subject:  Re: Samsung printers contain hardcoded backdoor account, US-CERT
jonbwfc wrote:
I suspect there are far more of the printers that are vulnerable to this exploit visible on the internet than either of us would hope.

The series of coincidences and absurd decisions required to end up with a public IP forwarding unfiltered SNMP traffic to a Samsung printer that is capable of returning the traffic back to the internet, and then for that IP to be known and exploited by a hacker who could be bothered attacking a printer, must be statistically so improbable that I would be amazed if any ever gets hacked.

Conversely, there are probably millions that are sitting on LANs right now with no password on their web interfaces.
Author:  JJW009 [ Sat Dec 01, 2012 9:53 am ]
Post subject:  Re: Samsung printers contain hardcoded backdoor account, US-CERT
I do actually remember reading an article recently about someone who's printer started producing reams of junk. I can't for the life of me remember exactly what the cause was exactly, but I do have vague recollections of it being "cloud" related and malicious.
Author:  ProfessorF [ Sat Dec 01, 2012 11:09 am ]
Post subject:  Re: Samsung printers contain hardcoded backdoor account, US-CERT
This one?

This one is also interesting.
Author:  JJW009 [ Sat Dec 01, 2012 11:42 am ]
Post subject:  Re: Samsung printers contain hardcoded backdoor account, US-CERT
ProfessorF wrote:
This one?

This one is also interesting.

I think the first one is probably the virus in the story I read.

The second story is well worth a read, and specifically relevant to this thread is this one quote:

Quote:
A quick scan of unprotected printers left open to Internet attack by the researchers found 40,000 devices that they said could be infected within minutes
Author:  jonbwfc [ Sat Dec 01, 2012 2:11 pm ]
Post subject:  Re: Samsung printers contain hardcoded backdoor account, US-CERT
Jon's second law : It's impossible to over-estimate the stupidity of people once they connect to the internet.
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/