Discover backdoor Samsung printers
Although we tend towards the goal of “zero paper” to any office in the world to visit printers see that, how could it be otherwise, are used to print documents, plans, presentations, etc. Although many times we focus, when we talk about security, personal computers, mobile devices or servers, printers usually also target documents and data of special importance not always taken into account when performing a risk analysis. Leave the printer abandoned after sending confidential documents to print can be a threat to information security companies, but has revealed Center Security Incident Response U.S. have a printer Samsung in our office can also involve a risk to security since its firmware hides a backdoor with administrator privileges.
A backdoor printers? A security risk? The ruling affects Samsung manufactured printers (and the data it has given the manufacturer) dated prior to October 31 this year and, along with Samsung printers, also affects Dell coming from the chains Korean manufacturer’s production. According to US-CERT , which has cataloged the failure since August and so far has not been made public, the firmware of Samsung has implemented (default) SNMP community with read-write and it is active even having disabled SNMP management on the computer from the administrator interface.
Put another way, this error would allow a third party (which was within our network) remotely manage equipment, information management and, of course, access the print queue and, looping the loop, intercept documents it pickpocket to print, change the printer settings or even execute code on your computer.
The list of teams affected by this bug is not known and, although the risk scenario is limited (it follows the network of our company), is a security issue that Samsung hopes to resolve before the end of the year by a patch firmware update (and presumably also indicate the models are affected by this bug). Meanwhile, the US-CERT recommends that users want to mitigate risk, block SNMP requests on port 1118/udp.
Although they may seem printers a peripheral that is without risk to the security of the information of our company, in addition to avoid leaving printed papers (especially if they contain sensitive information) left in the output tray of the computer, its firmware can also hide surprises. The question, of course, is to know how long this bug exists and also what design requirement responds (if it meets any).
Picture: ABC – ReutersTags: printers, Samsung, security