Neil Smith, an IT security expert, found a hidden embedded program in Samsung printers that makes it possible to remotely connect to them, change settings and manage printing. This is a real backdoor created by the manufacturer for the convenience of technical support experts.

Apparently, the company never disclosed the existence of such functionality. The same kind of program was found in Dell printers, which can be attributed to their mutual manufacturing contracts.

This backdoor uses a modified version of the SNMP protocol that is not visible in the list of connections and continues to work even if the user disables SNMP in the printer settings.

Since the information has been made public, emergence of working exploits for this vulnerability is just a matter of time. Obviously, these exploits will not try to intercept documents being printed, but will aim to execute arbitrary unauthorized code with administrator rights in an external network. Samsung believes that it will be able to release a patch before hackers find a way to create an exploit.

Mohamed Hassan, a graduate of Norwich University in Britain with a major in information security and the owner of NetSec Consulting, purchased a Samsung R525 laptop. After a full system scan with anti-spy and anti-virus software, he discovered a commercial keylogger called StarLogger in his С:\Windows\SL folder.

Mohamed analyzed the system and concluded that the keylogger had been installed by the laptop manufacturer.

He exchanged (for another reason) the laptop for a Samsung R540 from another store and found the same spyware preinstalled on it.

StarLogger (developed by Willebois Consulting, prices start from $23) is a commercial keylogger that logs key presses, creates screenshots and sends the collected data by email.

Mohamed contacted Samsung’s technical support service (inquiry #2101163379) and demanded an explanation. The reaction of the support staff gradually changed from complete denial and attempts to blame Microsoft as the supplier of the entire software package to finally admitting that the company intentionally installed such programs to “monitor the performance of customers’ computers and understand how they were used”.

It looks like Samsung collects data about the use of their computers without users’ consent. Don’t forget to check yours.

Three weeks after the incident, Jason Redmond (Manager, Marketing Communications at Samsung Electronics, Samsung) reported that an internal investigation had been started to deal with the situation.