Samsung Printer “security”

Not much time today, so just a list of “features” I’ve discovered on my shiny new Samsung M2825 printer:

  1.  HTTP but no HTTPS (admittedly most devices do that since there is the problem of how to start the certificate chain)
  2. Default user / password: “admin” / “sec00000”
  3. No mention of open HTTP server in installation manual
  4. No mention in handbook
  5. Shipped with firmware from 2015
  6. Firmware update dialog does not indicate that new firmware is available
  7. Firmware update via file upload from PC – not convenient
  8. Ton of protocols switched on by default
  9. HTML Handbook broken (text only) after unpacking
  10. Firmware well-hidden on the support page (unfold and scroll down): http://www.samsung.com/de/support/model/SL-M2825ND/SEE (edit 2018-07-01: this link not available anymore)
  11. Password cut after 18 characters (no indication when entering new password)
  12. Offers to select source IP for login (probably intended to improve “security”)

tl;dr:

Another example that “S” stands for security in IOT.

Leave a Reply

Your email address will not be published.