US-CERT warns: Samsung printers contain hardcoded backdoor account

“Printers manufactured by Samsung have a backdoor administrator account hard coded in their firmware that could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users,” Lucian Constantin reports for IDG News Service.

“The hardcoded account does not require authentication and can be accessed over the Simple Network Management Protocol (SNMP) interface of the affected printers, the U.S. Computer Emergency Readiness Team (US-CERT) said in a security advisory,” Constantin reports. “The SNMP account found in Samsung printers has full read and write permissions and remains accessible even if SNMP is disabled using the printer’s management utility, US-CERT said.”

Constantin reports, “‘Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution,’ the organization said. It’s not just Samsung-branded printers that contain the administrative account, but also some Dell-branded printers manufactured by Samsung.”

Read more in the full article here.

[Thanks to MacDailyNews Reader “Paul” for the heads up.]

46 Comments

    1. Anything? Yes, such as every iPhone and iPad and Mac (the many components instead). iOS devices could not exist without Samsung inside…

      Dell printers? I wonder what other fully-manufactured consumer products (microwave ovens, TVs, washers, refrigerators, etc.) are made by Samsung and branded something else… Even if not assembled by Samsung, they probably have Samsung parts inside.

      So you are “buying “their stuff,” involuntarily.

      1. Think about it. If no one was buying anything from Samsung would Samsung still be in business? Spare me your moral indignation and hyperbole. Samsung is in the game for a long time. Apple will move on without Samsung ASAP and the sooner the better.

        1. Well, I’m saying basically the same thing you just said. No “moral indignation and hyperbole,” just reality… If you are an Apple fan (or even just a typical consumer), you are buying “Samsung stuff” whether you want to or not.

          Also, to “move on without Samsung” is not a simple thing, or Apple would have done it by now. If Apple excludes Samsung as a potential supplier, Apple may not get the best price on many components. Also, one key advantage Apple has is to use its volume purchasing power to “pre-order” components in advance (of the immediate need), locking in a potentially lower cost for future production, AND locking out the competition from that supply. If Apple excludes Samsung as a supplier, Apple’s competition will have better lower cost access to the supply of key components.

          So, in reality, Apple may reduce dependence on Samsung, but Apple will not “move on without Samsung ASAP.” And that’s actually as it should be, because Apple should NOT allow one key part of its business (selling products) from negatively impacting another one (manufacturing those products).

          1. I can’t believe that you are advocating that we buy Samsung consumer products as if Samsung has done nothing wrong. When we BOYCOTT SAMSUNG CONSUMER PRODUCTS, we send them a message. When we go on with ‘business as usual’, we also send them a message. What message do you advocate people send Samsung?

            1. No one is advocating patronizing Samsung. The point is that until Samsung is completely out of business for many years the possibility exists that one or more Samsung components may inhabit one or more of your electronic or electrical devices. If you can’t stomach Samsung components in your Apple devices I suggest you donate them to a worthy cause and boycott Apple products that contain Samsung components.

              By the way, what Apple products currently have Samsung components and how many do you own?

            2. I think if you read my post carefully, I state that people BOYCOTT SAMSUNG CONSUMER PRODUCTS. As far as I know, Samsung does not own Apple Inc. I did not say that people should boycott anything Samsung.

              I guess you missed that.

            3. You must have a reading comprehension problem, if you thought what I wrote meant that I was “advocating that we buy Samsung consumer products.”

          2. If Apple drops Samsung as a supplier, who else can purchase in similar volumes to secure such low prices? Sure. Other companies may have an easier time of acquiring the components, but they do not have the economies of scale to get them at the prices Apple can.

            1. What you just wrote makes zero sense…

              If Apple drops Samsung as a supplier, Samsung will have EXCESS production capacity. They will gladly supply other buyers at a lower price. It may not be as low as what Apple got, but it will lower than it would have been if Apple was not intentionally avoiding buying from Samsung. Advantage competition.

              Think of it this way. Apple is not just buying components; at the scale we are talking about, Apple is buying production capacity to produce those components. When Apple buys the right to future production capacity at a set low price, those components become more expensive (more scarce) for everyone else. That’s precisely BECAUSE they “do not have the economies of scale” that Apple has, nor do they have the financial resources to “tie up” future production in advance.

              Intentionally avoid Samsung, and a large chunk of production capacity (for the industry) becomes available to the competition, and their cost will be lower. Meanwhile, Apple’s cost will likely be higher, because with Samsung intentionally excluded, Apple’s supply will be more constrained and the remaining suppliers can ask for more.

              So, as I said already, Apple should keep the “selling the stuff” part of its business separate from the “making the stuff” part of its business. Don’t let one overly influence the other. Use all available tools (including legal action) to “sell the stuff” as profitably as possible; use all available tools to “make the stuff” at the lowest possible cost. It seems THAT is exactly what Apple has been doing.

            2. What you say makes no sense.

              Let me simplify. Envision a car assembly line. It will cost more for a manufacturer to make one car than a hundred because of the machinery, employees, etc that is required to get it running. Since other companies who need these components won’t be able to purchase in the quantities as Apple, they will have to pay more for them.

              As for Apple paying higher by moving to different suppliers, yes, initially, it may very well be the case. However, as relationships improve don’t you think they will increase capacity? In the meantime, the dormant or slow Samsung factories will become and increasing burden for them.

              I agree that Apple should not get in to the business of manufacturing components. That’s not what they do. Managing channel and supply chains is what they do well.

            3. I did NOT say competing companies will be able to pay LESS THAN APPLE for components. I said they will be able to pay less than THEY would have before (not less than Apple), IF Apple made the silly move of intentionally excluding Samsung as a supplier. And that gives them (Apple’s competition) an advantage they did not previously have when Apple was able to manipulate the available supply (“corner the market”) on key components. So Apple loses that advantage, if they intentionally exclude Samsung as a supplier, and they won’t do that.

              And you agree with me on the rest of my comment…

              There seems to be a rash of reading comprehension issues on this thread. 🙂

          3. I will avoid buying anything that has a Samdung label on the ouside, sure there are parts made by Samdung, on the inside, but at least another manufacturer gets some profit other than just Samdung. I think they should put Samdung free stickers on the outside of products that dont contain any samdung parts in it.

      2. I was really talking about Samsung branded products. I see them all over the place and am amazed, but that’s just because I think Samsung is the lowest form of pond scum. I understand that many of the electronic products I own contain components manufactured by Samsung. I would like for it not to be so, but in the meantime, I will steer clear of any Samsung branded product, or any product manufactured by Samsung (exclusively) to be re-branded by another reseller (i.e., Dell, which I wouldn’t buy anyway).

        1. Weak answer. Your lack of moral courage and blatant hypocrisy are pathetic and laughable. If Apple refused to slap a “Samsung-free” label on its devices would you refuse to purchase it?

          Enjoy your Apple products knowing that deep in the recesses of your Apple device Samsung is flipping you off. Pleasant dreams!

          1. Now you’re just being a dick or a troll.

            Stop buying branded products. It’s easy to do and identify.
            Trying to identify what random household product has Samsung parts in it? Almost impossible. Stove, microwave, vacuum, stereo? Just about every electronic piece of equipment in your house probably has some Samsung part in it.

            So boycotting them… If enough people do it, it could affect their quarterly reports. Problem is, most people have short memories and forget the “cause” they joined 3 months ago and say oh well.

  1. A feature probably required in many, if not all, printers, phones, and computers. To protect us from the terrorists, you know. Uncle Sam has the key safely hidden from the bad guys. So you can sleep well tonight knowing that Uncle Sam’s benevolent eye is watching you….constantly.

    1. Any chip manufactured by Samsung is not to be trusted. They are in your iPhone, iPad,…
      Samsung “smart” TVs have access to your DLNA devices (e.g., files on your Mac, given the proper setup). With these credentials they can phone home.

  2. And why wouldn’t they include a hardcoded back door?
    This way they can steel everybody’s Intellectual Property directly …. along with bank information …. medical records

  3. Sammy doesn’t make money on TVs or home appliances, so I think it’s okay to buy those, because Sammy loses money. Helping Sammy lose money seems like a good strategy.

    Don’t buy their telecom equipment, because that’s where they make a TON of money. Just look at Asymco’s latest charts.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.