
It is not uncommon for copier service providers to install copiers with the default passwords intact, despite setup prompts from the OEM to change the password away from the defaults, which are easily found on the internet.

What information of value can a hacker get?

1. The address book of all of the employees listed. This is often not comprehensive. Maybe this invites phishing attacks.

2. The subnet and gateway. I do not know what value this is to clever hackers.

3. The SMTP client. Usually the password is hashed ###### out.

4. They can see the scan path to network folders. That cannot be good, even though the password is usually hashed ##### out.

I know there are powerful software tools out there that can quickly decrypt hashed ##### out passwords.

What else of value can hackers get?

What liability has the dealer exposed themselves to?

There are two kinds of dealers out there: those that are mostly hardware providers and those that offer IT services & hardware. The IT service providers likely force their service departments to use subscription-based password managers to secure the equipment they install.

Last edited by SalesServiceGuy

Bing Chat AI says, when asked what information a hacker can get from your network printer:

Network-enabled printers can contain sensitive information about your internal network. They are often integrated with business systems, unified with email systems, and given Local Area Network (LAN) authentication.

With all these important connections throughout the network, an insecure printer setup could lead to serious exposure of sensitive data or password harvesting.

Hackers can use network scanning tools to search for security gaps in your network, especially in your copiers and printers. When a hacker scans your network, they look for open ports. Open ports can let them access the hard drive of the copier and view all documents on the hard drive. A successful attack could allow an attacker to siphon off the printer's memory to access print jobs of potentially sensitive files, like contracts, corporate information, or patient.

To prevent such attacks, it is recommended to secure your printer by changing the default access password to the administration page, disabling unnecessary services, and keeping the firmware up to date.

Copiers and printers are passive devices but they have access to a lot of information.

Going over the points listed:

The address book is the key area of interest. You'll have potentially both server paths and email addresses to better focus your navigation around the network. Phishing or impersonation becomes a potential threat as an attacker could attempt to impersonate a user or customer with contact information in the device to pull more information out of the business. Even with passwords not in cleartext on the device, it's possible to get the service account for SMB scanning or SMTP credentials to limit the accounts to try and brute force them, or obtain them by other means.

Gateway and subnet information isn't particularly useful: if you're already in the network you have that information.

SMTP client could be of value if it's an internal one that doesn't require authentication: it would then be easy to impersonate an existing email and attempt to send malicious attachments or other files by use of the same server.

The web interface is also a big issue in general: devices last much longer than security protocols. As an example, I still support some older devices that support the old, and VERY weak, export ciphers. Those are trivial to crack and can't be disabled on some of them.

For dealers, ideally there should be two admin accounts: one known by the dealer, one for onsite IT staff. During the setup of the machine, the onsite password would be created by the IT staff and known only to them. From there, the paperwork will then waive the dealer's responsibility once the device is added to the network.


Most of my larger clients have gone the route of segmenting their printers into a separate VLAN so that they know what a device is just by its IP range. The only devices that can reach them are the printer servers over ports 9100 or 515 (RAW/LPD) inbound, and outbound allowing 445 (SMB over DNS) to any scan destination, and whatever port the email server uses. The web interface then also only gets allowed from either the print server or from a dedicated management machine (PAW or Privileged Access Workstation).

For smaller clients in a flat network environment, the web interfaces are locked by a password and only available over HTTPS. If they have an internal CA server, the certificate for the machine is generated from that to remove the self-signed issues; if not, they roll with it and just create an exception in their browser. Also, all old protocols or services they don't use get disabled (think AppleTalk, WINS, LLMNR, FTP, WSD, etc.).

As long as there is a clear delineation of who is responsible for what role in the security of the device, there shouldn't be anything that comes back to bite the dealer. However, we've even seen here multiple instances of techs turning on SMB1 or FTP on machines to get them working in customer environments, often potentially without the knowledge of their IT. In instances like that there's a good chance that the dealer could be held liable. Anything that goes against my regular config for a client has to be signed off on as a waiver.

Of course, there are also clients who have their networks incorrectly configured so that their devices are exposed to the public internet. A simple Google search for the name of the web interface for a manufacturer will likely bring up several hits. Example: a search for Web Image Monitor in Google brings up at least three machines exposed to the internet. There's no helping that...
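The VLAN allowlist described in the reply above, turned into a small policy checker that runs over firewall flow records, as an added example that is not part of the original post. The printer VLAN, print server, PAW, file server and mail server addresses, the SMTP port and the log lines are all invented for the example; the rule set itself is the one the reply lays out (9100/515 inbound from print servers only, web UI from print servers or the PAW only, 445 outbound to scan destinations, SMTP to the mail server, nothing else).

```python
"""
Added example (not from the original post): the printer-VLAN allowlist from the
reply above expressed as code and checked against constructed flow records.

Policy as described in the reply:
  * inbound to printers only from print servers on TCP 9100 (RAW) or 515 (LPD)
  * inbound to the device web UI (80/443) only from print servers or the PAW
  * outbound from printers only TCP 445 to scan destinations, and SMTP to the mail server
  * anything else touching the printer VLAN is a violation
All addresses, ports and log lines below are made up for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical network layout (assumed, not from the post).
PRINTER_VLAN = ipaddress.ip_network("10.50.0.0/24")
PRINT_SERVERS = {ipaddress.ip_address(a) for a in ("10.10.0.5", "10.10.0.6")}
PAW = {ipaddress.ip_address("10.10.9.10")}                 # privileged access workstation
SCAN_DESTINATIONS = {ipaddress.ip_address("10.10.0.20")}   # file server for scan-to-folder
MAIL_SERVER = ipaddress.ip_address("10.10.0.30")
SMTP_PORT = 587                                            # "whatever port the email server uses"
PRINT_PORTS = {9100, 515}                                  # RAW / LPD
WEB_PORTS = {80, 443}                                      # device web interface


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse a constructed record: '<timestamp> <verdict> proto=tcp src=A dst=B dport=N'."""
    fields = dict(kv.split("=", 1) for kv in line.split()[2:])
    return Flow(
        src=ipaddress.ip_address(fields["src"]),
        dst=ipaddress.ip_address(fields["dst"]),
        dport=int(fields["dport"]),
        proto=fields["proto"].lower(),
    )


def check_flow(flow: Flow) -> Optional[str]:
    """Return None if the flow is allowed by the segmentation policy, else a reason."""
    src_printer = flow.src in PRINTER_VLAN
    dst_printer = flow.dst in PRINTER_VLAN
    if not (src_printer or dst_printer):
        return None                                  # does not involve the printer VLAN
    if flow.proto != "tcp":
        return f"non-TCP traffic ({flow.proto}) involving printer VLAN"
    if src_printer and dst_printer:
        return "printer-to-printer traffic (devices should be isolated from each other)"
    if dst_printer:                                  # inbound to a printer
        if flow.dport in PRINT_PORTS:
            return None if flow.src in PRINT_SERVERS else f"print job from non-print-server {flow.src}"
        if flow.dport in WEB_PORTS:
            return None if flow.src in PRINT_SERVERS | PAW else f"web UI access from {flow.src}"
        return f"unexpected inbound port {flow.dport} from {flow.src}"
    # outbound from a printer
    if flow.dport == 445:
        return None if flow.dst in SCAN_DESTINATIONS else f"SMB to non-scan destination {flow.dst}"
    if flow.dport == SMTP_PORT:
        return None if flow.dst == MAIL_SERVER else f"SMTP to unexpected host {flow.dst}"
    return f"unexpected outbound port {flow.dport} to {flow.dst}"


def audit(lines):
    """Return (line, reason) for every record that violates the policy."""
    results = []
    for line in lines:
        reason = check_flow(parse_flow(line))
        if reason is not None:
            results.append((line, reason))
    return results


# Constructed records, as a flat-network firewall in log-only mode might emit them.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z ACCEPT proto=tcp src=10.10.0.5 dst=10.50.0.21 dport=9100",   # OK: print server, RAW
    "2024-05-01T10:00:02Z ACCEPT proto=tcp src=10.10.3.44 dst=10.50.0.21 dport=443",   # BAD: workstation -> web UI
    "2024-05-01T10:00:03Z ACCEPT proto=tcp src=10.50.0.21 dst=10.10.0.20 dport=445",   # OK: scan-to-folder
    "2024-05-01T10:00:04Z ACCEPT proto=tcp src=10.50.0.21 dst=10.10.3.44 dport=445",   # BAD: SMB to a workstation
    "2024-05-01T10:00:05Z ACCEPT proto=tcp src=10.50.0.21 dst=203.0.113.9 dport=443",  # BAD: printer -> internet
    "2024-05-01T10:00:06Z ACCEPT proto=tcp src=10.10.9.10 dst=10.50.0.21 dport=443",   # OK: PAW -> web UI
    "2024-05-01T10:00:07Z ACCEPT proto=tcp src=10.10.3.44 dst=10.50.0.21 dport=21",    # BAD: FTP to the device
    "2024-05-01T10:00:08Z ACCEPT proto=tcp src=10.50.0.21 dst=10.10.0.30 dport=587",   # OK: scan-to-email
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"VIOLATION: {reason}\n    {line}")
```

Fed real flow exports (firewall accept logs, NetFlow) instead of the constructed records, the same allowlist that the VLAN ACL should enforce becomes a detection: run it in log-only mode before enforcing, and the FTP or SMB1 a tech switched on to "make scanning work" shows up as an unexpected inbound port or an SMB flow to a host that is not the scan destination.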

Just keeping it real, based on being the guy setting machines up on customers' networks going back to the earliest networked MFPs in the 90s. Truth is, the MFP is the least of most customers' vulnerabilities. Most customers in the small and medium-sized business space have little if any network security. Never mind the wide-open shred bins that could be a gold mine of info. I see so many businesses who set their own networks up or have a friend or family member do it for them on the cheap. Crazy.

It's my opinion that device manufacturers need to be more responsible with their technologies and not just rely on service providers to follow "best practices". It's simple human nature for people not to read instructions and to take the path of least resistance. Therefore, the machines have to be secure by DEFAULT and not by configuration.

As it relates to a few simple items, devices MUST have dynamic passwords, multifactor authentication with geofencing, secure erase policies enforceable by the administrator, zero knowledge networking, and sealed channel communication, at the bare minimum.

While all these things might seem overwhelming, complicated, or expensive, that's not the case, so there is no excuse for manufacturers not to start incorporating these cyber defense technologies, or they will face the consequences when their devices are the cause of a data breach!

Here is a podcast I did with Omnistruct on the topic of cybersecurity: https://omnistruct.com/cyberse...ent-with-kevin-neal/

Last edited by Kevin Neal (P3iD)
