April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Printers could offer hackers a way in, warns computer readiness team

Some printer models are vulnerable to hackers because of a code flaw, warned the U.S. computer security emergency response team.

In a vulnerability note issued on Nov. 26 and updated on Nov. 29, the U.S. Computer Emergency Readiness Team (CERT) said Samsung printers and some printer made for Dell by Samsung could be vulnerable.

CERT said Samsung printers contain a hardcoded Simple Network Management Protocol (SNMP) code that could allow a remote attacker to take control of an affected device. Specifically, it said the printers contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.

Using the flaw, it said remote, unauthenticated attackers could access an affected device with administrative read/write privileges. They might also be able to make changes to the device configuration, access to sensitive information like device and network information, credentials, and information passed to the printer, and possibility use the ability to leverage further attacks through arbitrary code execution.

According to CERT, both Samsung and Dell have said that models released after October 31, 2012 are not affected by the vulnerability. The companies have also indicated that they will be releasing a patch tool later this year to address vulnerable devices.

CERT recommended disabling ports on the printer could help mitigate the risks, as well as restricting access to them, as well as disabling SNMP protocol, but noted that solution might be have some drawbacks.  “Note that the vulnerability reporter has stated that the community string that remains active even when SNMP is disabled in the printer management utility,” said the CERT.

“As a general good security practice, only allow connections from trusted hosts and networks,” it said. “Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location. (e.g. Using IP filtering and Mac address filtering)

 Samsung issued a statement acknowledging the flaw and said a patch would be available on Nov. 30 and wasn’t aware of it having been exploited. "Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP," said the company’s statement.

According to Samsung, an update for other models will be available by the end of the year. "However, for customers that are concerned, we encourage them to disable SNMPv1.2 or use the secure SNMPv3 mode until the firmware updates are made."

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...