Photocopier Security

A modern photocopier is basically a computer with a scanner and printer attached. This computer has a hard drive, and scans of images are regularly stored on that drive. This means that when a photocopier is thrown away, that hard drive is filled with pages that the machine copied over its lifetime. As you might expect, some of those pages will contain sensitive information.

This 2011 report was written by the Inspector General of the National Archives and Records Administration (NARA). It found that the organization did nothing to safeguard its photocopiers.

Our audit found that opportunities exist to strengthen controls to ensure photocopier hard drives are protected from potential exposure. Specifically, we found the following weaknesses.

  • NARA lacks appropriate controls to ensure all photocopiers across the agency are accounted for and that any hard drives residing on these machines are tracked and properly sanitized or destroyed prior to disposal.

  • There are no policies documenting security measures to be taken for photocopiers utilized for general use nor are there procedures to ensure photocopier hard drives are sanitized or destroyed prior to disposal or at the end of the lease term.

  • Photocopier lease agreements and contracts do not include a "keep disk" or similar clause as required by NARA's IT Security Methodology for Media Protection Policy version 5.1.

I don't mean to single this organization out. Pretty much no one thinks about this security threat.

Posted on January 2, 2017 at 6:12 AM • 43 Comments

Comments

Edward Brode • January 2, 2017 6:51 AM

These photo copiers, of course are part of the Internet of Things, since they are often multi-function devices that work as printers & faxes as well as photocopiers and are accessed via Wi-Fi.

Peter Knoppers • January 2, 2017 6:52 AM

I know (from an inside source) that Ricoh has procedures to thoroughly erase hard drives (and any other storage media) when one of their rental machines is returned. This even includes procedures describing how to handle any documents that somehow got lost inside the machine.

Tatütata • January 2, 2017 7:33 AM

Most of these top-of-the-line copiers are network devices and operate under a service contract. They regularly phone home to send diagnostic information, and the technician already knows a lot about the device before he even enters the building.

The stuff copied (and printed) is thus potentially compromised before the device is even taken out of service.

I wonder if the TLAs already have a program running, or if printers could fall under proposed device access laws and all-writs requests...

At a previous job I found out one day that my supervisor knew how much each of his underlings used the network printer, and seemed to base his opinion on that information. (I'm not sure which way it went. If you print a lot, you're either very hard working or very inefficient...)

While I'm ranting on the subject of paper-handling peripherals... (BTW, it's not the first time I allude to this issue here).

I wasted a lot of time trying to scan a perfectly innocent document, with the device(s) consistently failing to produce a file. It would just go back to the scan setup menu without any further ado.

I eventually succeeded on a completely different model.

I later learned of a pattern used on bank notes designed to foil scanning. I went back to the device and checked with a note, and was able to reproduce the behaviour. My original document must have had just the right pattern of "o"'s to produce a false positive.

How were governments ever able to entice or force manufacturers to silently cripple their products apparently without a law?

Wm • January 2, 2017 7:42 AM

Another reason I never let my driver's license or other vital documents be copied. If you were raised in the Nazi or post Nazi era, you will forever be opposed to prying and any recording of your personal documents and affairs. I refused to allow a doctor to make a copy of my DL, to the dismay of his receptionist. I will walk away from a motel that demands to make a copy. They can see it, but not copy it. If they don't like it, they can do without my business. I also immediately cancel the temporary card number so that they can't try to charge me anyway.
Unfortunately, most people today are wimps and cannot take such a stand.

Clive Robinson • January 2, 2017 7:49 AM

@ Tatütata,

I later learned of a pattern used on bank notes designed to foil scanning.

It's often called "The constellation of EURion / Orion" and has an international standard. You can read more at,

https://en.m.wikipedia.org/wiki/EURion_constellation

However it might not have been that, there are a whole host of other issues.

Some time ago it was found that for various reasons not fully explained some copiers would copy the measures on technical drawings incorrectly when producing PDFs.

Thus printers have a lot more AI type front end than you might expect. Thus where there is unknown capacity, there is room for mice to play...

Clive Robinson • January 2, 2017 7:59 AM

@ Peter Knoppers,

I know ... that Ricoh has procedures to thoroughly erase hard drives ... when one of their rental machines is returned.

All suppliers of ICT equipment to NATO and similar organisations are required to have procedures to do this. However the technical requirements are, like TEMPEST requirements, effectively secret. Which means that your service contracts are different, and only those technicians in the know are supposed to work on the equipment.

That said if you know the "magic" works order code it will be done without question. This is because some commercial customers may undertake defence and other related National Security work in a small subsection of the organisation, and thus what you might describe as "cover" may be broken if the order code is queried.

Tatütata • January 2, 2017 8:06 AM

Thanks Clive, I had it at the tip of my tongue, er, fingers. IIRC, the method was/is covered by a patent.

The compression you're referring to is JBIG2, and the coder is in my eyes essentially glorified OCR software, and it was there in those Xerox printers. I didn't mention it for fear of showing my tin-foil protection, but

The feature was, however, disabled, not out of fear of document corruption, but more likely because there wasn't too much software capable of decoding it.

The fellow who discovered the JBIG2 corruption (obvious in retrospect) made a presentation at this year's CCC congress about text-mining and analysing a major German media outlet.

(The 33C3 event is over since Friday, but I'm still binge watching).

Ano Nymeria • January 2, 2017 8:25 AM

Not only is there too little thought about this; you can even run into career obstacles.

I once had to proxy a CTO, and first things to do was harden the IT infrastructure. So among other things I finally set (not CHANGED, but SET) a password to the company's (leased) Ricoh network attached printer/scanner/fax. Guess what? CEO ranting about something he couldn't do anymore, and after I explained, I was told to revert this. Needless to say the company's infrastructure was a complete mess, I tried to change that, but infrastructure costs money, doesn't earn, so I failed because other things were prioritized.

"Change, like, leave." Guess what.

Clive Robinson • January 2, 2017 8:51 AM

@ Tatütata,

I didn't mention it for fear of showing my tin-foil protection,

Yes it does sound a little paranoid when you try describing it to people (honest folks look up Jbig2 on wiki to get a tiny inkling of the madness it can induce)...

I finally found the page I originally read about it on. Because of the "fantastical" way it sounds, I'll let others read it for themselves,

http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning

So they will not think we both need a little more than just a tin foil hat ;-)

Wael • January 2, 2017 9:02 AM

Pretty much no one thinks about this security threat.

Good thing you said "Pretty much", because some did and included other threat vectors as well. Most of the protection technology is applied in the printer world, but there is nothing to stop the same capabilities to be deployed in copiers.

Np237 • January 2, 2017 10:33 AM

I am surprised that you seem to discover this threat vector. Photocopier security is very important in our company and we’ve been taking it seriously for years.

And some manufacturers do take it seriously as well. They no longer require out-of-band UMTS connections for maintenance, and now allow you to have control over administration. They encrypt communications and hard drives, they erase the drives conforming to government guidelines.

The new kind of vulnerabilities they didn’t think about is that they use USB for internal connections, and the connectors are often easily accessible.

Dirk Praet • January 2, 2017 10:34 AM

@ Ano Nymeria

... CEO ranting about something he couldn't do anymore, and after I explained, I was told to revert this.

Anyone who has ever done any security related work has had similar experiences. Unless you or your (IT) manager have obtained unequivocal project buy-in from the board by means of a really nice slide show in layman's terms explaining the business case and the associated ROI (risk of incarceration), you're doomed to fail.

Never do any security work for or on behalf of companies that are absolutely clueless about why it should be done or have no specific business case to do so. Best case scenario is that you're blamed for everything that suddenly "doesn't work" anymore, worst case is that you also end up not getting paid. QED.

@ Clive, @ Peter Knoppers

Ricoh has procedures to thoroughly erase hard drives ... when one of their rental machines is returned.

The standard procedure kinda everywhere for traditional hard disks on x86 systems is a wipe delete using DBAN (or similar utilities), thoroughly overwriting everything with pseudorandom numbers generated by Mersenne twister or ISAAC. For SSDs, the only secure method is shredding them. If you really want to be sure that nothing can be retrieved, shred the traditional hard disks too. I once knew a guy who was able to retrieve data from a hard disk he had actually shot.

@ Wm

Unfortunately, most people today are wimps and cannot take such a stand.

Unfortunately, it has become less and less possible to get by with cash only and merely flashing id instead of having it copied. That is unless you want to stay in really dodgy motels and are ok trusting the informed opinion of a medic who has his degree from Trump University.
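The overwrite-then-verify procedure Dirk describes for spinning disks (and the drive disposal problem the post is about) can be exercised on a disk image rather than on real hardware. The following is an added example, not code from the thread or from DBAN: it builds a constructed 1 MiB image seeded with fake "scan" records, overwrites it with CSPRNG output, and then reads the whole image back to confirm that the markers are gone and that what remains looks like random data (all 256 byte values present, no long zero runs). The file name, sizes and sample records are all assumptions made for the example.

```python
"""Overwrite-and-verify sanitisation of a disk image (added example)."""
import os
import re
import tempfile
from collections import Counter

CHUNK = 1 << 16          # write granularity, 64 KiB
IMAGE_SIZE = 1 << 20     # 1 MiB stand-in for a copier's spool partition

# Constructed stand-ins for retained scans; no real data.
SAMPLE_SCANS = [
    b"SCAN-0001 Patient J. Doe, DOB 1970-01-01, MRN CONSTRUCTED-0001\n",
    b"SCAN-0002 Driver licence, motel check-in, card ending 1234 (fake)\n",
]


def make_image(path: str, size: int = IMAGE_SIZE) -> None:
    """Create an image whose first bytes hold the sample scans, rest zero-filled."""
    with open(path, "wb") as f:
        f.write(b"".join(SAMPLE_SCANS).ljust(size, b"\x00"))


def wipe(path: str, passes: int = 1) -> int:
    """Overwrite every byte of the image with CSPRNG output, `passes` times.
    Returns the number of bytes overwritten per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # make sure the overwrite reaches the medium
    return size


def verify_wiped(path: str, markers=SAMPLE_SCANS) -> dict:
    """Read the whole image back and check it for leftovers."""
    with open(path, "rb") as f:
        data = f.read()
    zero_runs = re.split(rb"[^\x00]+", data)
    result = {
        "markers_found": any(m in data for m in markers),
        "distinct_bytes": len(Counter(data)),
        "longest_zero_run": max(len(r) for r in zero_runs),
    }
    # Random output should show every byte value and no long runs of zeros.
    result["ok"] = (not result["markers_found"]
                    and result["distinct_bytes"] == 256
                    and result["longest_zero_run"] < 16)
    return result


def demo(passes: int = 2) -> tuple:
    """Build an image, inspect it, wipe it, inspect again; returns (before, after)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "copier-spool.img")
        make_image(path)
        before = verify_wiped(path)
        wipe(path, passes)
        after = verify_wiped(path)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before wipe:", before)
    print("after wipe: ", after)
```

Run against a real block device the same logic would open `/dev/sdX` instead of a file, but note what the verification cannot tell you: on a journaling file system or an SSD the bytes you overwrite are not necessarily the bytes the old data lived in, which is exactly the over-provisioning and wear-levelling problem raised further down the thread.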

Clive Robinson • January 2, 2017 11:04 AM

@ Wael,

Most of the protection technology is applied in the printer world, but there is nothing to stop the same capabilities to be deployed in copiers.

Yup, there is a major university in London which had an all singing all dancing networked scanner / printer / copier in the IT dept; it had an in-built Sparc computer running Solaris... One day it developed a "porn habit", shortly thereafter a music and film habit as well. It was when it also started serving them out again on a P2P network that it came to somebody's attention...

Apparently some one outside the University had used a simple buffer overflow attack in the login program (type in 60 'A's then a couple of other keys) to get a root shell and "Do der ting"...

Bong-Smoking Primitive Monkey-Brained Spook • January 2, 2017 12:11 PM

@John O Adams,

Sounds good! A couple of questions, though...

"hard drive surrender/wipe"

Not the best word to use ;) It implies the action comes with a subpoena!

option for our customers.

Customers as in previous owners? Or my spooky ilk?

V • January 2, 2017 12:14 PM

Does The Donald's distrust of computers extend to copy machines? Will the White House be installing mil-spec carbon paper shredders?

bear • January 2, 2017 1:02 PM

I've faced that problem before (higher-ups objecting to a security upgrade which meant that they themselves could no longer covertly break security). When it became clear that they intended to revert against recommendations by a half-dozen security people they'd called in, and their own legal department, and consultants about minimizing lawsuit exposure, etc., I just paid them their break fee out of what they'd paid me so far, and left. I wound up at or below "minimum wage" (a concept nearly meaningless as a contractor) for the job but there is no saving some people.

The reason nobody thinks of this threat is because there is no legitimate need for a photocopier to have a hard drive and the hard drive is no use to the actual customer. Early photocopiers didn't have them. Nobody sent out a memo when newer photocopiers started to have them. They added no functionality visible to the people who use them, so nothing notified the users that they were there. And people who willfully ignore security went on in blissful ignorance.

Photocopiers and printers popped up on my radar the instant they got their own IP addresses as opposed to being a peripheral attached to some particular machine. They were sending outbound packets through the company firewalls, and I shut that down hard. And then argued with IBM and Xerox about what information they needed to do maintenance and whether their maintenance people could damn well get it inside the security perimeters instead of remotely.

tyr • January 2, 2017 2:03 PM

Many years ago the Xerox service tech used to change out the microfilm canister as part of the routine servicing of copiers. The Rus embassy wishing to be moderne had purchased copiers. This gave Xerox a very embarrassing level of access to every document copied by their machinery.

Things haven't changed a bit since those days. The tech has mutated to a new level but the in-built attacks have never ceased. It's the same thing seen in the illegal spying on the telegraph which has never even slowed down; as the communications grew the snooping kept pace with it.

The only minor difference is governments are now trying to get legalisms in place so the activities will look like they are acceptable.

What started out as blatantly illegal behavior on the part of some minor bureaucracy has a nasty habit of mutating and spreading through the entire governance system like a plague. That's why all the Law enforcement groups are now proclaiming they have National security missions on their letter heads.

First the emperor recruits the Praetorians to protect him, a few decades later they auction off the emperorship to the highest bidder. The entire empire went down the drain because of it leaving the ordinary citizen in the rubble gazing at accomplishments he hadn't a clue how to build himself. The best thing we have to look forward to is that the repeat of history is as a farce the second time around.

@Clive

I remember that one. The thought of a number changer working over a blueprint to a new set of numbers was as priceless as Intel announcing that they had f88ked up the math co-processor internal to their CPU so it gave you wrong answers by design. Building massive infrastructure with such marvellous tools is a nice recipe for some unforeseen consequences.

Clive Robinson • January 2, 2017 3:08 PM

@ V,

Will the White House be installing mil-spec carbon paper shredders?

No, they are not allowed to do what you are implying, by law.

So either the law will need to be changed, or "The Donald" will have to pull a similar trick as J W Bush's vice president did to avoid all conversations, notes and other records kept...

MikeA • January 2, 2017 5:31 PM

The more things change...

In the late 1960s I worked as a security guard (graveyard shift, so I could attend college in the daytime) at a factory that made high-end luggage and ejection seats, among other things. There was a hard-and-fast rule that no car got through the gates without being logged and having the trunk/boot checked. All cars, that is, other than those of the company president and a couple VPs, whose cars were not even to be logged.

Fast-forward 40 years and I'm working at a company where all "officers" (and their admins) have easy drop-down menu ability to log into any system _as_ any user.

I'd be astonished if the copier-repair guy was the biggest threat to the average company. BTW: As I recall, the hard-drives were added to make it easier to scan a multi-page document once, then print many (paginated) copies. Faster for the customer, and so convenient that more consumables are consumed. ("Win Win!"). So not _totally_ a nefarious plot.

moz • January 2, 2017 5:39 PM

What I have noticed nobody has mentioned yet is that:

a) some printers have access to networks shares (acting as scanners)
b) those printers often require you to type in your password
c) as I remember, sometimes they remember that password for next time
d) often IT departments won't allow you to use the alternate features instead ("for security")

Needless to say, much hilarity can follow. I have a feeling I remember a previous discussion somewhere about how photocopiers have general computer operating systems but are never upgraded.

Ted • January 2, 2017 7:01 PM

The FTC provides some good tips on digital copier security.
https://www.ftc.gov/tips-advice/business-center/guidance/copier-data-security-guide-businesses

According to the FTC, safeguards designed to protect sensitive data on computers and paper would also apply to data managed by a digital copier. As a general rule, the consumer protection agency recommends encryption and data overwriting on copier equipment, as well as the use of a passcode. The FTC also suggests putting a sticker on the equipment to remind a responsible party to properly handle the copier's hard drive at the end of lease or end of service life. Certain types of data, such as credit reports, background checks, etc., have additional data compliance obligations under data protection laws.

Sharp goes into greater detail in their security suite brochure, providing info on industry specific concerns, a security checklist, vulnerabilities and countermeasures, and a good overview of multi-layered protective security features.
http://siica.sharpusa.com/Document-Systems/Security

Nick P • January 2, 2017 7:24 PM

@ Bruce

I was pretty sure the Common Criteria covered this. Sure enough, the certification docs show they at least have a high-level idea for what securing printers takes. It has disk encryption for stored copies, audit logs, security protocols for networking, and smartcard authentication. I think there could just be a difference in the consumer vs government versions. Price and demand probably factor into that, too.

Another government office had a guide in 2010 that looked pretty thorough, too.

Arclight • January 2, 2017 8:31 PM

Most IT equipment we sell has an extra-cost "Maintenance Disk Retention" (or similarly-named) option. This contractually requires that all failed storage media be left at the customer's site for whatever type of disposal they deem acceptable.

All of the "Enterprise" IT vendors have this on the regular menu - I would be surprised if the larger office equipment vendors didn't also.

Arclight

Nicolas • January 2, 2017 8:54 PM

First heard of this on Security Now many years ago. Given the market for out of service photocopiers from government facilities and other such places with sensitive information it's certainly a concern.

neill • January 2, 2017 9:23 PM

IMHO any device with flash (eg SSD) storage has to have its flash memory physically destroyed, either by shattering (shredding) the die, cell or structure changes (eg sparks), or overheating (destroying the structure as well)

due to wear leveling / trim / overcapacity you never know exactly where data will be written, password hashes are lurking, and/or if those areas are accessible to the 'erase' programs and have been successfully overwritten

TLC or MLC will probably be more difficult to recover data with eg scanning electron microscopes etc, or layered high capacity devices since removing one layer will probably damage the die (interconnects) as well

Winter • January 3, 2017 4:13 AM

@neil
"due to wear leveling / trim / overcapacity you never know exactly where data will be written, password hashes are lurking"

I have always wondered why repeatedly filling up the SSD memory with PRNG bytes will not remove any remaining data. I assume some blocks will be removed from the pool occasionally. But is that enough to be unable to wipe an SSD?

neill • January 3, 2017 4:44 AM

@winter

"overprovisioning" = physical capacity > user accessible capacity

look at www.kingston.com/us/ssd/overprovisioning

but due to wear leveling you'll never know which chips contain which data, or how many have been taken "out of service" but still contain valuable info, depends on controller firmware & algorithm
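Winter's question (why filling the SSD repeatedly with PRNG bytes does not clear it) and neill's answer (over-provisioning, wear levelling, and pages taken out of service) can be made concrete with a toy flash translation layer. The following is an added example, not code from either commenter or from any SSD vendor: a device with 6 physical pages behind 4 logical blocks, where every write goes to the least-erased free page, the old copy stays as a "stale" page until garbage collection, and a page whose erase fails is retired with its contents intact (modelled here as a constructed per-page endurance; page 4 is assumed to be at end of life). Overwriting every logical block once leaves the secret in a stale page; overwriting it twice moves it into a retired page that no further overwrite pass will ever touch, even though a read through the logical interface never shows it again.

```python
"""Toy flash translation layer: why overwriting every LBA of an SSD does not
reach every physical cell (added example, not from the thread)."""
import random

PAGE = 16  # bytes per simulated flash page


class FlashPage:
    def __init__(self, endurance):
        self.content = None         # None means erased
        self.erase_count = 0
        self.endurance = endurance  # erases this page can take before it fails
        self.state = "free"         # free | live | stale | retired


class FlashDevice:
    """Over-provisioned device: more physical pages than logical blocks."""

    def __init__(self, logical_pages=4, physical_pages=6, endurance=None):
        endurance = endurance or [1000] * physical_pages
        self.pages = [FlashPage(e) for e in endurance]
        self.logical_pages = logical_pages
        self.l2p = {}  # logical block -> physical page index

    def _free(self):
        return [i for i, p in enumerate(self.pages) if p.state == "free"]

    def _alloc(self):
        free = self._free()
        if not free:
            self._gc()
            free = self._free()
        if not free:
            raise RuntimeError("no usable flash left")
        # wear levelling: least-erased free page first, lowest index on ties
        return min(free, key=lambda i: (self.pages[i].erase_count, i))

    def _gc(self):
        """Erase stale pages; a page that can no longer be erased is retired
        with its contents left in place (assumption about the firmware)."""
        for p in self.pages:
            if p.state != "stale":
                continue
            if p.erase_count >= p.endurance:
                p.state = "retired"
            else:
                p.content, p.erase_count, p.state = None, p.erase_count + 1, "free"

    def write(self, lba, data):
        assert 0 <= lba < self.logical_pages and len(data) == PAGE
        idx = self._alloc()
        page = self.pages[idx]
        page.content, page.state = bytes(data), "live"
        old = self.l2p.get(lba)
        if old is not None:
            self.pages[old].state = "stale"  # old copy lingers until GC
        self.l2p[lba] = idx

    def read(self, lba):
        return self.pages[self.l2p[lba]].content

    def logical_scan(self, needle):
        """What the host sees: blocks whose current content is `needle`."""
        return [lba for lba in self.l2p if self.read(lba) == needle]

    def physical_scan(self, needle):
        """What chip-level forensics sees: every page holding `needle`."""
        return [(i, p.state) for i, p in enumerate(self.pages) if p.content == needle]


SECRET = b"SCAN:ACCT-0042-X"  # constructed 16-byte stand-in for a retained scan


def demo(passes, seed=1):
    """Write filler, write the secret, then overwrite all LBAs `passes` times."""
    # constructed endurance: physical page 4 has no erases left
    dev = FlashDevice(endurance=[1000, 1000, 1000, 1000, 0, 1000])
    for lba in range(4):
        dev.write(lba, b"FILLER-%08d-" % lba)
    dev.write(3, SECRET)
    rng = random.Random(seed)
    for _ in range(passes):
        for lba in range(4):
            dev.write(lba, bytes(rng.getrandbits(8) for _ in range(PAGE)))
    return {"logical_hits": dev.logical_scan(SECRET),
            "physical_hits": dev.physical_scan(SECRET)}


if __name__ == "__main__":
    for n in (0, 1, 2, 5):
        print(f"{n} overwrite passes:", demo(n))
```

With this model `demo(1)` reports no logical hit but a stale physical copy, and from `demo(2)` onwards the copy sits in a retired page that survives any number of further passes, which is the case for relying on the drive's own sanitize command, encryption with key destruction, or physical destruction rather than host-side overwriting.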

cphinx • January 3, 2017 6:43 AM

One of my favorite types of network devices to poke with a sharp edge during an audit are printers. I have seen them used as everything from a pivot-point while navigating compromised networks, to bots on a botnet, to exactly what this discussion is about; a data-dump.

Even more exciting is dropping a LAN-stick on a networked printer and using it as a scan point or node and allowing SSH access to other portions of a network. Which, I might add, could also allow the introduction of key loggers if the OS of the printer has been compromised (targeting the network passwords previously mentioned).

Although I'm not one of those crazy "everything is vulnerable" kind of guys, I guess the truth is... everything is vulnerable to something. Printers are no different.

It seems like in this post there is a good mixture of experience in both vendor and consumer categories. Both have excellent concerns... the consumer seems to be concerned with the protection of their data, post contract. While the vendor seems to generally state that precautions have been taken.

As a security practitioner, regardless of the credibility of a vendor, I generally only trust my team with "security". If the Board doesn't deem printers a high enough risk to be mitigated, then have someone pentest the printers to show what could be done. If the organization uses printers haphazardly without concern (which is most definitely the case), then enforce new policies (if possible). If the vendor won't allow for you to securely administer and/or destroy storage medium at the end of contract or end-of-life, find a new vendor.

As many of you know, security isn't about putting up firewalls that negate every vulnerability, it's about putting up the "right" firewalls which mitigate necessary risks to the right degree of cost/benefit. Outside of that scope, the best that you can do is educate end users and hope the idea sinks in.

That's my thought on this subject anyway.

Dirk Praet • January 3, 2017 8:04 AM

@ MikeA

I'd be astonished if the copier-repair guy was the biggest threat to the average company.

The biggest (security) threat to any company is people that for whatever reason feel they are exempt from security policies or think that breaches only happen to others.

@ uh, Mike

So, is there a market for copiers that don't keep a journal?

Judging from a quick search for stencil machines, I'd say there is. From my own experience, there even is a market for old-timers that come up with mechanical or analog solutions for security issues their young, tech-crazed counterparts have totally forgotten about or have never even heard of. A while ago, my seventeen-year-old niece, who can't even imagine a world without her smartphone, was totally gobsmacked by the concept of an antique wind-up watch.

Tatütata • January 3, 2017 8:36 AM

Aaaah, stencil machines! So many childhood memories...

The teacher walking into the classroom with her purple-inked test papers still wet and reeking of alcohol... The human beings at the secretariat doing actual "word processing" with typewriters and turning the crank on these beasts...

Unless you're referring to "real" mimeographs with their finger-staining oily black ink. Those would rather have been reserved for the local cell of the revolutionary Marxist-Leninist-Stalinist-Maoist-Trotskist-Socialo-Communist league for plastering telephone poles.

Dirk Praet • January 3, 2017 10:41 AM

@ Tatütata

... Those would rather have been reserved for the local cell of the revolutionary Marxist-Leninist-Stalinist-Maoist-Trotskist-Socialo-Communist league for plastering telephone poles.

Both. In "Enemy at the Gates", you actually see the political commissar using one. Somewhere in the early eighties, we used one we had found in someone's basement to make flyers for local punk rock concerts and stuff.

pfh • January 3, 2017 11:19 AM

I poked around a scanner/printer that had been left behind at an office suite we leased, and all of this was true. I learned about the business, its employees, and their transactions. They would never willingly leave behind these documents in paper form or an external hard drive, but they forgot to wipe (or even put a password) on the machine left behind. Worse, the scanner even had a "wipe documents over x days old" feature that was not used.

AJWM • January 3, 2017 12:30 PM

@ Tatütata, Dirk Praet

Technically the stencils refer just to mimeograph machines, which forced that black oily ink through the gaps in the stencil.

The purple (usually, there were also greenish and pinkish colors available) alcohol-smelling copies were made on a "spirit duplicator" (Ditto brand in the US and Canada), where the alcohol dissolved a little of the special ink on the master to let it transfer to the copy paper.

The latter is a high tech variation of the hectograph, where the master is actually made on a gelatin sheet, and copies made by hand pressing the paper onto the gelatin's surface. I have a bunch of old (1930s era) science fiction fanzines (my father's collection) produced by that method, and I did it myself once as a kid. (And at school, did plenty of both mimeo and Ditto copies.)

Tatütata • January 3, 2017 2:05 PM

@Albert:

I would add to your list:

- Select a true PostScript (or PCL) printer model (i.e., with a built-in page processor) that only requires the plain vanilla driver that ships with your OS.

- Configure the firewall to block all outside access from your shiny new device. Some models actually phone home to download advertising for supplies which is displayed on the built-in display. Hugely annoying.

- Select a very near sighted cashier when you try to slip through your perfect yellow-dotted 3$ or 3€ bills...

Clive Robinson • January 4, 2017 8:11 AM

@ AJWM,

I have a bunch of old (1930s era) science fiction fanzines (my father's collection) produced by that method

Hmmm, you might have just revealed you are older than our host ;-)

@ Albert, Publicus,

Anything you print on it can be matched to your printer, so: Pay cash for your color laser printer.

Sorry does not work...

The reason is that modern stock control systems in many stores have unique stock stickers/RFIDs on goods over a quite small $ value. When you go through the till this gets recorded along with the type of payment and of course a time stamp which can be linked to that of the CCTV cameras around the tills watching both the till operator and the customer.

This arrangement came about to catch "switched label fraud", where the cashier may collude with a criminal and turn a blind eye to the fact that a $500 printer has been registered as say a $10 printer ink cartridge or something else with the word printer etc on it.

The idea is that if they get away with it once they will try it on again. Thus the cashier's face and the fraudulent purchaser's face get tied to the fraudulent transactions. Thus the cashier can be charged with conspiracy etc rather than getting away with saying they did not understand what the till display was showing.

Obviously they keep these transaction details and videos for considerable periods of time. Thus if required the authorities can get back to your face, or the face of someone who purchased the printer.

Worse, they are starting to put or looking at putting RFIDs in higher value bank notes, to get other traceability. Which will no doubt get linked to "note checkers" etc that will identify where, who and what of transactions with each note.

Oh and of course under US legislation such aggregated data belongs to the data collector and thus can be sold to whomever they so please. Oh and be given to the US Gov to avoid prosecution. Thus the chances the data won't get collected and stored indefinitely is about as close to zero as you can see with the unaided eye :-(

Jared Hall • January 11, 2017 10:19 AM

On 4/4/2016, a healthcare provider was hacked by their Konica copier. In my forensic investigation, it turned out that about a week and a half earlier, the local copier company had replaced the hard drive. This included a software fix to restore Gigabit Ethernet functions. The copier had been assigned a domain login and various network shares to which scanned files were deposited.

The copier attack used a program called FreeRDP to connect to a terminal server. It was successfully able to install a Java application that started upon server reboot. The server was reset to install Windows Updates. The Java application established, then maintained, a persistent connection to two C&C servers at Rackspace through which it downloaded, and started propagating, Java-based GPCODE.AK ransomware.

Querying their UTM/Gateway, the Rackspace connections were blocked, but by this time the infection had spread to another 2012R2 server, four Windows 10 machines, and a Windows 8.1 workstation. As a precaution, all computers within their facility were shutdown. The 2012R2 servers had to be rebuilt entirely, along with one of the Windows 10 boxes. The other Windows 10 boxes were able to be cleaned and repaired. The Windows 8.1 box was extremely difficult to repair and ultimately the O/S was replaced on that machine.

Over 1.2 million files had been encrypted by then. Fortunately, they were recovered from backup. UTM traffic logs did not indicate any evidence to suggest that any internal data had left their premises. This customer was lucky.

The copier company refused to even roll a tech to investigate the problem. I did ask them if they had a security officer or technician that validated the software images. They did not, explaining that they get their disks direct from Konica. I did pull out the hard drive to find 3 Linux EXT partitions, but all operational code was in a format that I could not read.

There was also an NTFS partition on the drive. This would normally contain scanned images retained on the copier (e.g. mailboxes). The customer did not use these mailboxes at all, scanning instead to a network file share, but the directory hierarchy suggested that something was afoot. The only thing I was able to discover was a fragment of a deleted file that contained the Domain, Username, and Password of the copier.

Subsequently, additional protections were purchased from the UTM vendor, scans of all machines at their facilities were completed, and software updated on everything, including IoT devices, like their IP Surveillance Cameras. However, four older IP cameras (Grandstream) would not come up after reboot, and these were replaced entirely.

The Copier was then forklifted out of there, but in my discussions with the old/new/prospective copier companies, I was shocked to find that nobody did any testing and validation of S/W images. When discussing data wiping they only wiped, per NIST recommendations, the NTFS partition. COMPLETELY WIPE? NO WAY! As far as I know, they probably redeployed the buggy drive in somebody else's system.

The report cited in the Blog post by Bruce is dated and stops short of pragmatic security steps in the IoT world of today. Since security measures depend upon other criteria, such as usability, feasibility, and cost, I will list these as suggestions:

1) Do insist that your local company has a security officer or technician that can validate the manufacturer's S/W images.
2) Install the networked copier on a separate and isolated network.
3) Do some auditing checks to make sure that any resources a copier login might have are truly restricted.
4) Block all packets to/from the copier from the internet in the router, security appliance, or UTM gateway.
5) Insist on the copier company signing a Business Agreement, similar to what is required under HIPAA regulations. PUT THEM ON NOTICE THAT THEIR LIVELIHOOD IS GOING TO BE AT STAKE ALSO.

This was an extremely large copier company. Their absolute arrogance, even in discussions with their CEO, was flabbergasting. His quote, "Look, it's just a copier".

Yes, the benefits of a centralized high-speed printing, faxing, and scanning hub are obvious, but do not overlook security. THINGS ARE NOT ANY BETTER IN THE COPIER WORLD TODAY.

This is Jared, saying: "What The *Heck*, Over?"
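Items 2 through 4 of Jared's list (isolated segment, restricted copier login, no internet reachability) and bear's earlier point about printers sending outbound packets through the firewall are only as good as the monitoring that confirms them. The following is an added example, not code from either commenter or from any UTM vendor: a small policy checker that walks gateway log lines and reports any copier traffic that falls outside an explicit allowlist. Everything in it is an assumption constructed for the example: the site range 10.0.0.0/8, the copier at 10.0.5.20, the file server and resolver it may talk to, the management station, the print ports, and the log line format itself. The sample log is constructed and includes a copier-to-terminal-server RDP connection and an outbound connection to an external host, the two patterns in the incident above.

```python
"""Flag copier traffic that violates an isolation policy (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Assumptions constructed for this example (not a real site):
SITE_NETS = [ipaddress.ip_network("10.0.0.0/8")]          # the site's address space
COPIER = ipaddress.ip_address("10.0.5.20")                 # the networked copier
OUTBOUND_ALLOWED = {("10.0.1.5", "tcp", 445),              # scans go to this file share
                    ("10.0.1.2", "udp", 53)}               # and names are resolved here
MGMT_STATION = ipaddress.ip_address("10.0.9.9")            # only host allowed on the web UI
PRINT_PORTS = {9100, 515, 631}                             # workstations may submit jobs

# Invented log format: "<ts> src=<ip> dst=<ip> proto=<p> dport=<n> action=<a>"
LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$")

# Constructed gateway log; addresses are RFC 1918 / documentation ranges only.
SAMPLE_LOG = """\
2016-04-04T08:01:10 src=10.0.5.20 dst=10.0.1.5 proto=tcp dport=445 action=allow
2016-04-04T08:01:11 src=10.0.5.20 dst=10.0.1.2 proto=udp dport=53 action=allow
2016-04-04T08:02:30 src=10.0.5.20 dst=10.0.1.7 proto=tcp dport=3389 action=allow
2016-04-04T08:02:45 src=10.0.5.20 dst=203.0.113.10 proto=tcp dport=443 action=block
2016-04-04T08:03:00 src=10.0.9.9 dst=10.0.5.20 proto=tcp dport=443 action=allow
2016-04-04T08:03:05 src=10.0.7.33 dst=10.0.5.20 proto=tcp dport=9100 action=allow
2016-04-04T08:03:20 src=198.51.100.4 dst=10.0.5.20 proto=tcp dport=9100 action=block
2016-04-04T08:03:25 src=10.0.7.33 dst=10.0.1.5 proto=tcp dport=445 action=allow
this line is not parseable and is skipped
"""


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int
    severity: str
    reason: str


def inside(ip):
    return any(ip in net for net in SITE_NETS)


def parse(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def check(lines):
    """Return a Finding for every line involving the copier that is off-policy."""
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src, dst = ipaddress.ip_address(rec["src"]), ipaddress.ip_address(rec["dst"])
        if src == COPIER:
            if (rec["dst"], rec["proto"], rec["dport"]) in OUTBOUND_ALLOWED:
                continue
            if not inside(dst):
                sev, why = "high", "copier initiated a connection outside the site"
            else:
                sev, why = "medium", "copier reached an internal service outside its allowlist"
        elif dst == COPIER:
            if src == MGMT_STATION and rec["proto"] == "tcp" and rec["dport"] == 443:
                continue
            if inside(src) and rec["dport"] in PRINT_PORTS:
                continue
            sev = "high" if not inside(src) else "medium"
            why = "unexpected inbound connection to the copier"
        else:
            continue  # traffic not involving the copier is out of scope here
        if rec["action"] == "block":
            why += " (blocked at the gateway, still worth a ticket)"
        findings.append(Finding(rec["ts"], rec["src"], rec["dst"],
                                rec["proto"], rec["dport"], sev, why))
    return findings


if __name__ == "__main__":
    for f in check(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity}] {f.ts} {f.src} -> {f.dst}:{f.dport}/{f.proto}: {f.reason}")
```

Blocked attempts are reported as well as allowed ones on purpose: a copier that tries to reach the internet at all is the signal, and a gateway that silently drops the packets hides it.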


Ano Nymeria • January 17, 2017 8:20 AM

@ Dirk Praet:
I was afraid someone would say that. I was inexperienced at that time and I think I learned the lesson. As a rule of thumb, don't apply to companies that respond "erm, WHAT?" when you ask where you can find their public key (or any other end to end encryption method) for your application, _especially_ if they have "security" among their business bullshit bingo collection some call web site ;)
