Samsung printers contain hardcoded backdoor account, US-CERT 
Legend
Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
Samsung printers contain hardcoded backdoor account, US-CERT warns

http://www.computerworld.com/s/article/print/9234079/Samsung_printers_contain_hardcoded_backdoor_account_US_CERT_warns

Quote:
Printers manufactured by Samsung have a backdoor administrator account hard coded in their firmware that could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users.

The hardcoded account does not require authentication and can be accessed over the Simple Network Management Protocol (SNMP) interface of the affected printers, the U.S. Computer Emergency Readiness Team (US-CERT) said in a security advisory.

SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.

The SNMP account found in Samsung printers has full read and write permissions and remains accessible even if SNMP is disabled using the printer's management utility, US-CERT said.

"Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution," the organization said.

It's not just Samsung-branded printers that contain the administrative account, but also some Dell-branded printers manufactured by Samsung.

_________________
Do concentrate, 007...

"You are gifted. Mine is bordering on seven seconds."

https://www.dropbox.com/referrals/NTg5MzczNTk

http://astore.amazon.co.uk/wwwx404couk-21


Fri Nov 30, 2012 4:02 am
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
Remind me again, is SNMP a routable protocol? If it isn't, you'd actually have to be on the same network segment as the printer to access the data.

Jon


Fri Nov 30, 2012 9:04 am
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm
Posts: 8767
Location: behind the sofa
jonbwfc wrote:
Remind me again, is SNMP a routable protocol? If it isn't, you'd actually have to be on the same network segment as the printer to access the data.

Not sure what you mean there. SNMP goes over TCP/IP so it's routable, but you'd still need a route to get to it. Also, the article implies that it's not SNMP that's the problem per se. It's that the SNMP user has full access rights to the admin interface.

I doubt many people arbitrarily port-forward to their printers so an external attack isn't that likely, but it's still a bit naff to have a hard-coded back door. Naff... but not unusual!

_________________
jonbwfc's law: "In any forum thread someone will, no matter what the subject, mention Firefly."

When you're feeling too silly for x404, youRwired.net


Fri Nov 30, 2012 11:02 am
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
JJW009 wrote:
jonbwfc wrote:
Remind me again, is SNMP a routable protocol? If it isn't, you'd actually have to be on the same network segment as the printer to access the data.

Not sure what you mean there. SNMP goes over TCP/IP so it's routable, but you'd still need a route to get to it. Also, the article implies that it's not SNMP that's the problem per se. It's that the SNMP user has full access rights to the admin interface.

There are routing protocols, routed protocols and non-routed protocols. I thought SNMP might be one of the non-routed protocols but it appears I was mistaken.

JJW009 wrote:
I doubt many people arbitrarily port-forward to their printers so an external attack isn't that likely, but it's still a bit naff to have a hard-coded back door. Naff... but not unusual!

Sadly, with the growth of 'the cloud' it's increasingly the case that firms are making connected devices like printers and NAS boxes more internet visible than you might expect. You'd assume a sysadmin would insist on them being blocked at the perimeter and external access only via VPN but sadly some firms don't actually have a sysadmin (they just get in contract IT help as and when) and sometimes the sysadmin gets over-ruled by someone high enough up in the business hierarchy.

I suspect there are far more of the printers that are vulnerable to this exploit visible on the internet than either of us would hope.

Jon


Fri Nov 30, 2012 3:05 pm
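
Added example, not part of any post in this thread or of the US-CERT advisory: the quoted advisory says the account stays reachable even when SNMP is disabled in the printer's management utility, and the post above argues for blocking at the perimeter, so exposure has to be checked at the network level. This Python check classifies flow-log entries for SNMP (UDP 161) traffic reaching printers; the addresses, the management host and the log format are all assumptions.

```python
import ipaddress

# All values below are constructed for illustration, not taken from the thread.
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
PRINTERS = {ipaddress.ip_address(a) for a in ("10.20.0.51", "10.20.0.52")}
SNMP_MANAGERS = {ipaddress.ip_address("10.20.0.10")}  # only host allowed to poll
SNMP_AGENT_PORT = 161  # UDP port an SNMP agent listens on

# Constructed flow-log lines: timestamp action proto src:port -> dst:port
SAMPLE_FLOWS = """\
2012-11-30T09:00:01 ALLOW udp 10.20.0.10:40112 -> 10.20.0.51:161
2012-11-30T09:00:07 ALLOW udp 10.20.3.77:51344 -> 10.20.0.51:161
2012-11-30T09:01:12 ALLOW udp 198.51.100.23:33001 -> 10.20.0.52:161
2012-11-30T09:01:30 DENY udp 203.0.113.9:41000 -> 10.20.0.52:161
2012-11-30T09:02:00 ALLOW tcp 10.20.3.77:51400 -> 10.20.0.51:9100
"""


def parse_flow(line):
    """Split one flow-log line into typed fields."""
    ts, action, proto, src, _arrow, dst = line.split()
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return (ts, action, proto, ipaddress.ip_address(src_ip),
            ipaddress.ip_address(dst_ip), int(dst_port))


def snmp_findings(log_text):
    """Return (label, src, dst, timestamp) for SNMP flows to printers
    that do not come from an approved management station."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        ts, action, proto, src, dst, dport = parse_flow(line)
        if proto != "udp" or dport != SNMP_AGENT_PORT or dst not in PRINTERS:
            continue
        if src in SNMP_MANAGERS:
            continue  # expected monitoring traffic
        if action != "ALLOW":
            label = "blocked"              # filter worked; still worth knowing
        elif src in INTERNAL_NET:
            label = "unexpected-internal"  # LAN host that should not poll SNMP
        else:
            label = "exposed"              # reachable from outside the network
        findings.append((label, str(src), str(dst), ts))
    return findings


if __name__ == "__main__":
    for finding in snmp_findings(SAMPLE_FLOWS):
        print(*finding)
```
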
Doesn't have much of a life

Joined: Sat Apr 25, 2009 6:50 am
Posts: 1911
jonbwfc wrote:
I suspect there are far more of the printers that are vulnerable to this exploit visible on the internet than either of us would hope.

The series of coincidences and absurd decisions required to end up with a public IP forwarding unfiltered SNMP traffic to a Samsung printer that is capable of returning the traffic back to the internet, and then for that IP to be known and exploited by a hacker who could be bothered attacking a printer, must be statistically so improbable that I would be amazed if any ever gets hacked.

Conversely, there are probably millions that are sitting on LANs right now with no password on their web interfaces.


Sat Dec 01, 2012 3:53 am
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm
Posts: 8767
Location: behind the sofa
I do actually remember reading an article recently about someone whose printer started producing reams of junk. I can't for the life of me remember exactly what the cause was exactly, but I do have vague recollections of it being "cloud" related and malicious.



Sat Dec 01, 2012 9:53 am
What's a life?
Joined: Thu Apr 23, 2009 7:56 pm
Posts: 12030
This one?

This one is also interesting.

_________________
www.alexsmall.co.uk

Charlie Brooker wrote:
Windows works for me. But I'd never recommend it to anybody else, ever.


Sat Dec 01, 2012 11:09 am
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm
Posts: 8767
Location: behind the sofa
ProfessorF wrote:
This one?

This one is also interesting.

I think the first one is probably the virus in the story I read.

The second story is well worth a read, and specifically relevant to this thread is this one quote:

Quote:
A quick scan of unprotected printers left open to Internet attack by the researchers found 40,000 devices that they said could be infected within minutes



Sat Dec 01, 2012 11:42 am
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
Jon's second law: It's impossible to over-estimate the stupidity of people once they connect to the internet.


Sat Dec 01, 2012 2:11 pm