Bruce Schneier
Schneier on Security

A blog covering security and security technology.

March 21, 2007

Stealing Data from Disk Drives in Photocopiers

This is a threat I hadn't thought of before:

Now, experts are warning that photocopiers could be a culprit as well.

Posted on March 21, 2007 at 12:10 PM • 20 Comments

Many of those machines have a "default" setup that allows you to reproduce one of the last ten (at least) photocopy jobs. I'm sure you could walk into a photocopy store where the owners haven't been conscious of this and find out what the last few customers were copying. Same would apply in an office.
Posted by: Keith at March 21, 2007 12:46 PM

This has been an issue for as long as these multifunction machines have had hard drives in them. I've always warned clients that when replacing or retiring these systems that they need to ensure the drives are securely scrubbed or destroyed.
Posted by: Tremaine at March 21, 2007 12:51 PM

Many years ago, the issue was the little microfilm that copiers kept of every image. Then as now the process involves an intermediate step between the original and the copy, and the question becomes: What to do with the internal recording? To my knowledge, the issue was never resolved. I'm not sure what will happen this time either.
Posted by: Baron Dave at March 21, 2007 12:55 PM

I seem to recall this trick was played in the cold war. I forget whether it was a KGB or CIA op, but the victims got suspicious when someone other than the "regular copier guy" opened the machine and found a lot of unusual gear inside. Sure enough, the copier had been making an electronic duplicate to internal memory, which was being downloaded whenever the thing broke down - which was suspiciously regularly. :) A pretty clever hack, huh?
Posted by: Marcus Ranum at March 21, 2007 1:07 PM

Some time ago, campus security got a DMCA complaint that an IP address was serving out copies of "The Two Towers". Turns out the IP address in question was assigned to a copy machine (running embedded NT). Vendor insisted that it was not possible for the machine to be hacked across the Internet. Good times.
Posted by: Pat Cahalan at March 21, 2007 1:17 PM

When these first came out 10+ years ago, the military instantly banned them from use with classified materials for this reason.
Posted by: AMW at March 21, 2007 1:20 PM

Marcus- IIRC, there was even a case where a small camera was installed to capture *who* was making the copies. Apparently just having the data wasn't enough... they wanted to know who else knew about it. Interesting stuff.
Posted by: Ray Potter at March 21, 2007 1:37 PM

If the HD is used for just data you could in theory just zap the HD with a nice powerful magnet to erase anything on it, say do it once a week. However, if it contains some kind of OS or other system info then it could become a major pain to get it back.
Posted by: Steve L. at March 21, 2007 1:39 PM

Never mind just the HD. A lot of them use Windows or even better 'nix OS. If you can own it, you can have loads of fun and excitement on someone's network. One site I was on recently the PC wasn't even embedded -- it was a laptop on a platform/arm bolted to the side.
Posted by: Matt from CT at March 21, 2007 1:57 PM

I think the hd's run about 500 mb's in the standard small to medium office machines.
Posted by: TheSquirrelfish at March 21, 2007 2:11 PM

@Steve L.
Posted by: Matthias at March 21, 2007 3:28 PM

How hard would it be to use something, like a GumStix computer with wireless LAN, to turn the copier into a server, with the page images being served up to the attacker as they are created?
Posted by: nbk2000 at March 21, 2007 6:23 PM

Those hard drives ought to be discoverable in a lawsuit. Something to think about when updating your company's data retention policy, I guess.
Posted by: False Data at March 21, 2007 6:33 PM

Just what I needed: another reason to take a .357 magnum to the damn copier.
Posted by: Anonymous at March 21, 2007 7:21 PM

@bob: Sure you can make copies of guns. Lots of companies, like Kimber and Springfield, make darn good copies of "Ol' Slabsides" (Colt 1911), and many of the Taurus revolvers are copies of assorted Smith & Wessons. :-) Now if only producing them were as cheap as copying of a piece of paper....
Posted by: Dave Aronson at March 22, 2007 7:50 AM

Our copiers are also print servers, connected by ethernet. A bad guy could easily install some code to send out every document that was printed.
Posted by: FP at March 22, 2007 9:46 AM

Unfortunately, most of these devices have multiple configuration interfaces. Web interfaces are the most obvious, so they will typically get a shared password. IT groups often forget or underestimate the telnet interface. Some printers now come with wireless NICs that default to Ad-Hoc mode. Even more sinister than the document problem is that the operating systems of the devices can be modified to run custom code. This basically creates a machine that isn't monitored that can do anything it wants on your internal network. One nasty scenario would be to have it actively scan for network hives and try to copy that data to external entities.
Posted by: derf at March 22, 2007 12:00 PM

Whaddaya know:
Posted by: derf at March 22, 2007 2:29 PM

I remember the Xerox 9000 series fax machines and how wonderful they were while I was working full-time. I also remember the MEMORY after faxing something. When I go to Kinkos-Fed-Ex and fax something, I delete it from the memory after it is sent and after I am done. You CAN recall pages and pages of previously faxed documents from the customers before you.
Posted by: Jenny at June 4, 2007 1:20 PM
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.