Samsung printers were deemed vulnerable after researchers discovered a hard-coded backdoor administrator account that could enable attackers to rewrite firmware or read network information.
The account can be accessed via the Simple Network Management Protocol interface and enables intruders to collect information from any device tied in to the network. The same security advisory emphasizes that Dell printers manufactured by Samsung are prone to the same vulnerability, enabling arbitrary code execution.
“A remote, unauthenticated attacker could access an affected device with administrative privileges,” according to the security advisory. “Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution.”
A team of researchers at Columbia University also found Hewlett-Packard LaserJet printers vulnerable, using Remote Firmware Update to overwrite the printers’ off-the-shelf firmware. Although an HP spokesperson stated that “newer printers do require digitally signed firmware upgrades, and have since 2009”, the two researchers from Columbia University said that printers already compromised cannot be fixed.
“If and when HP rolls out a fix, if a printer is already compromised, the fix would be completely ineffective. Once you own the firmware, you own it forever. That’s why this problem is so serious, and so different,” said Columbia researcher Ang Cui. “This is nothing like fixing a virus on your PC.”
Since company printers are often tied in to local networks, the findings prove that previously unexplored attack vectors could lead to serious repercussions. US-CERT believes a viable solution to avoid such attacks would be to restrict access to the SNMP interface.