Posted by: Arian Eigen Heald
Data Breaches, data security, Hardware & InfoSec
It’s worthwhile to consider the printers, copiers and scanners (or all 3 together – multi-function devices) on your network. How many of your printers allow open access? Open ports? Can I telnet to your printers?
Why worry? Why bother? Well, if you google “printer hard drive,” you can see that hard drive sizes range from 32 megs to 80 gigabytes.
I read some years ago that hackers were using printer hard drives to store warez and other bad things, as well as using the hard drive as a “jumping off” site into the rest of the network. Your network.
For some nifty examples, you can visit Iron Geek’s page on the issue as it relates to HP printers. And do note that printers and copiers have default passwords that easily found on the Web. The info is a little dated (2006) but still quite good.
If you think this is so NOT news, consider that printer vulnerabilities are still coming out, but how many admins think to update their printer software. If you’re like me, only when there’s a problem with a printer.
Given that a printer/copier/scanner has that much storage on the network, what would be the kind of data it would be storing (until overwritten)? Consider the kinds of things that people print – reports, spreadsheets, confidential .PDFs, etc.
Sold or bought a used printer/copier/scanner recently? Did you clear the hard drive?
The confidential information on those hard drives might be medical information, financial information and/or credit card information. As a result, under regulatory laws, the company is liable.
80 gigabytes? Big OUCH.