Compare and contrast…
[The] Xerox 914 copy machine […] was used in Soviet embassies all over the world. The machine was so complex that the CIA used a tiny camera designed by Zoppoth to capture documents copied on the machine by the Soviets and retrieved them using a “Xerox repairman” right under the eyes of Soviet security.
Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.
A remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution.
There’s no evidence that Samsung are working on behalf of the security services.
This could just be a snafu like the constant SCADA security bugs. The same bugs which were allegedly used to cripple Iran’s alleged nuclear ambitions with Stuxnet.
Are Samsung viewing all your printouts and forwarding them to South Korea’s Security Services? I honestly don’t know. You don’t know. No one knows!
This is one of the reasons that Open Source software is so important – especially for appliance-like devices.
Could your Samsung TV have a vulnerability that will let anyone see what you’re watching?
Or could the integrated camera start to watch you?
Does your Samsung phone have spy code which forwards your information to a third party?
Or does your Samsung phone let any application access your private information?
Open Source Software is far from perfect. But without being able to check the code which runs on our appliances, we’re at the mercy of “professionals” who fail again and again.
Even the most trivial device could have a significant impact – what happens if your Internet Fridge has a bug, mistakes your chicken for Halal, and then secretly reports your dietary preferences to the security services?
The first freedom of software is the freedom to study how the program works, and change it so it does your computing as you wish.
I’m not paranoid. The vital services which run our lives have bugs. Some are intentional, some are not. We must be able to check for the presence of these vulnerabilities and correct them when their suppliers are unable or unwilling to do so.