Home Business IT Security Samsung offers workaround for printer SNMP security issue

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Industry:
Job Function:
Australian State:
Country:
Email marketing by Interspire
weebly statistics

Disabling SNMP may mitigate a security vulnerability in Samsung printers until revised firmware is available.

Yesterday we reported on a vulnerability in Samsung's networked printers.

Samsung has provided the following statement:

Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.

We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made.

For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.

Those phone numbers aren't much help if you're outside the US. Samsung appears to have a single customer service number in Australia: 1300 362 603.

The CERT vulnerability note says the problem revolves around "a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility" while Samsung says "The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP."

If disabling SNMP really does protect against the vulnerability, that would be no great loss for practically all home users or any organisation that doesn't use SNMP to monitor their network.

Security experts often recommend disabling any functions that are not required in order to reduce the attack surface - if a function is not available, an attacker will be unable to exploit its vulnerabilities.

When we checked the support pages for a few current Samsung network printers this morning, we found no mention of the issue or the firmware updates - presumably they will be there by tomorrow, November 30.

PROTECT YOURSELF AGAINST BANDWIDTH BANDITS!

Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!

CLICK TO DOWNLOAD!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.

Connect