Schneier on Security
A blog covering security and security technology.
« Stealing and Reselling Phone Minutes |
| Google's New Privacy Rules »
March 21, 2007
Stealing Data from Disk Drives in Photocopiers
This is a threat I hadn't thought of before:
Now, experts are warning that photocopiers could be a culprit as well.
That's because most digital copiers manufactured in the past five years have disk drives -- the same kind of data-storage mechanism found in computers -- to reproduce documents.
As a result, the seemingly innocuous machines that are commonly used to spit out copies of tax returns for millions of Americans can retain the data being scanned.
If the data on the copier's disk aren't protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands.
Posted on March 21, 2007 at 12:10 PM
• 20 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Many years ago, the issue was the little microfilm that copiers kept of every image. Then as now the process involves an intermediate step between the original and the copy, and the question becomes: What to do with the internal recording?
To my knowledge, the issue was never resolved. I'm not sure what will happen this time either.
I seem to recall this trick was played in the cold war. I forget whether it was a KGB or CIA op, but the victims got suspicious when someone other than the "regular copier guy" opened the machine and found a lot of unusual gear inside. Sure enough, the copier had been making an electronic duplicate to internal memory, which was being downloaded whenever the thing broke down - which was suspiciously regularly. :)
A pretty clever hack, huh?
Unfortunately, most of these devices have multiple configuration interfaces. Web interfaces are the most obvious, so they will typically get a shared password. IT groups often forget or underestimate the telnet interface. Some printers now come with wireless NICs that default to Ad-Hoc mode.
Even more sinister than the document problem is that the operating systems of the devices can be modified to run custom code. This basically creates a machine that isn't monitored that can do anything it wants on your internal network. One nasty scenario would be to have it actively scan for network hives and try to copy that data to external entities.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.