Sister CISA CISSP

Feb 10 2010   7:47PM GMT

Printers & Copiers & Data Theft, Oh My

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

It’s worthwhile to consider the printers, copiers and scanners (or all 3 together – multi-function devices) on your network. How many of your printers allow open access? Open ports? Can I telnet to your printers?

Why worry? Why bother? Well, if you google “printer hard drive,” you can see that hard drive sizes range from 32 megs to 80 gigabytes.

I read some years ago that hackers were using printer hard drives to store warez and other bad things, as well as using the hard drive as a “jumping off” site into the rest of the network. Your network.

For some nifty examples, you can visit Iron Geek’s page on the issue as it relates to HP printers. And do note that printers and copiers have default passwords that easily found on the Web. The info is a little dated (2006) but still quite good.

If you think this is so NOT news, consider that printer vulnerabilities are still coming out, but how many admins think to update their printer software. If you’re like me, only when there’s a problem with a printer.

Given that a printer/copier/scanner has that much storage on the network, what would be the kind of data it would be storing (until overwritten)? Consider the kinds of things that people print – reports, spreadsheets, confidential .PDFs, etc.

Sold or bought a used printer/copier/scanner recently? Did you clear the hard drive?

The confidential information on those hard drives might be medical information, financial information and/or credit card information. As a result, under regulatory laws, the company is liable.

80 gigabytes? Big OUCH.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: