Serious Security Holes Exposed in Samsung, HP and Dell Printers, Researchers Say
Samsung printers were deemed vulnerable after researchers discovered a hard-coded backdoor administrator account that could enable attackers to rewrite firmware or read network information.
The account can be accessed via the Simple Network Management Protocol (SNMP) interface and enables intruders to collect information from any device connected to the network. The same security advisory emphasizes that Dell printers manufactured by Samsung are prone to the same vulnerability, enabling arbitrary code execution.
“A remote, unauthenticated attacker could access an affected device with administrative privileges,” according to the security advisory. “Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution.”
Hewlett-Packard LaserJet printers were also found vulnerable by a team of researchers at Columbia University, who used the Remote Firmware Update feature to overwrite the printers’ off-the-shelf firmware. Although an HP spokesperson stated that “newer printers do require digitally signed firmware upgrades, and have since 2009”, the two researchers from Columbia University said that printers already compromised cannot be fixed.
“If and when HP rolls out a fix, if a printer is already compromised, the fix would be completely ineffective. Once you own the firmware, you own it forever. That’s why this problem is so serious, and so different,” said Columbia researcher Ang Cui. “This is nothing like fixing a virus on your PC.”
Since company printers are often tied in to local networks, the findings prove that previously unexplored attack vectors could lead to serious repercussions. US-CERT believes a viable solution to avoid such attacks would be to restrict access to the SNMP interface.