Secret Admin Backdoor Accounts Found in Samsung Printers

This vulnerability has a surprisingly high potential to cause damage

By on November 28th, 2012 09:38 GMT

One would think that printers aren't much of a security risk, but while this was true a decade ago, it is no longer the case. Samsung's printer line is more or less clearly showing it.

There is a lot of software involved in the operation of today's printers, especially in regard to network connectivity.

Whereas once they needed to get every bit of information straight from the PC through a dedicated cable, printers have their own software now and can perform certain things on their own, especially when they have extra functions like scanning and photocopying.

This is why hackers have taken an interest in them, and why security companies have been making sure to check all new models for vulnerabilities.

The United States Computer Emergency Readiness Team (US CERT) found that some Samsung printers possess what essentially amounts to a backdoor admin account.

The vulnerability notice is very short, and completely fails to mention exactly which printers are a danger to their owners.

Models released after October 31 aren't affected, CERT says, but the ones before, whichever they are, can be hacked into, at which point they grant the “admins” access to administrative privileges and the ability to change configuration and, most importantly, access sensitive information.

And here people will say that printers don't store much of import, and we agree. Sadly, the backdoor grants access to the network information, credentials and whatever data is being passed to the printer, which could totally compromise private or important business documents.

“A remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution,” CERT explains.

A patch tool will be released before the end of the year (2012) to fix this problem. Samsung must still be compiling a list of the problematic printers if it has yet to say exactly which they are.

1 Comment