Neil Smith, the researcher who reported his discovery to US-CERT has since then detailed of the Samsung SNMP backdoor on this Tumblr post. Smith tweeted today that working with Samsung was a frustrating experience and that because US-CERT published it, he went ahead with the disclosure.
@drbearsec it's been frustrating working with samsung. Internal ITsec at S confirmed it. Kr:HQ pulled them off. CERT pubd and so did I….
— Neil (@neilwillgettoit) November 28, 2012
In his post Smith has coded few starting bits of what he calls the NetWorkManager.class and has put down a custom MIB file that other security enthusiasts [read hackers] could use to further their research. One startling thing that Smith notes is that the community string has been found in firmware that was used way back in 2004. “Also, that community string has been found in firmware dating back to 2004,” notes Smith.
US-CERT has warned that users to follow good security practice and that they should only allow connections from trusted hosts. “As a general good security practice, only allow connections from trusted hosts and networks”, notes US-CERT in the vulnerability note. Printers from Dell that are manufactured by Samsung are also vulnerable.
