Thanks Thanks:  0
Likes Likes:  0
Dislikes Dislikes:  0
Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Service Manager 5,000+ Posts
    Ricoh Printer hacked message

    copier tech's Avatar
    Join Date
    Jan 2014
    Location
    London
    Posts
    7,531
    Rep Power
    182

    Ricoh Printer hacked message

    Just wondered if anyone else has seen this issue, someone has mangaed in access my customers network & changed the printer IP to prevent all users printing, they’ve also changed the host & printer name as attached, this has happened twice now!

    i’ve now changed the default admin password since then its not happenen again.

    Its unlikely to be an inhouse user.
    Attached Images Attached Images
    Let us eat, drink, and be merry, because tomorrow we may die!

    For all your firmware & service manual needs please visit us at:

    www.copierfirmware.co.uk - www.printerfirmware.co.uk




  2. #2
    Professional Moron 2,500+ Posts TonerMunkeh's Avatar
    Join Date
    Apr 2008
    Location
    Shitsville, UK
    Posts
    3,852
    Rep Power
    108

    Re: Ricoh Printer hacked message

    The customer's network has security issues that allows internal communication to the MFP. There's a search string you can put into Google that shows you all the unsecure printers that are on the internet. It's an alarming amount.
    It's 106 miles to Chicago. We've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.

    Hit it.

  3. #3
    Technician
    Join Date
    May 2017
    Location
    The Ether
    Posts
    21
    Rep Power
    14

    Re: Ricoh Printer hacked message

    Quote Originally Posted by TonerMunkeh View Post
    The customer's network has security issues that allows internal communication to the MFP. There's a search string you can put into Google that shows you all the unsecure printers that are on the internet. It's an alarming amount.
    Yep, there are even websites that are dedicated to showing you wide open MFPs.
    Why the hell you would leave a MFP that can be accessed via the internet with null or weak password is beyond me and just one issue here but people seem oblivious to the harm that can actually be done; they are lucky that the 'hacker' was playing nice and highlighting the potential for something more serious. Spam bot anyone??

  4. #4
    Service Manager 10,000+ Posts
    Ricoh Printer hacked message

    Phil B.'s Avatar
    Join Date
    Jul 2016
    Location
    Raleigh NC
    Posts
    22,668
    Rep Power
    658

    Re: Ricoh Printer hacked message

    there was a post here on Copytechnet in Industry News the other week that mentions net security on an MFP product

  5. #5
    Service Manager 5,000+ Posts
    Ricoh Printer hacked message

    copier tech's Avatar
    Join Date
    Jan 2014
    Location
    London
    Posts
    7,531
    Rep Power
    182

    Re: Ricoh Printer hacked message

    Interesting, does this have anything to do with the recent SMB v1.0 'WannaCry' issues?

    I'm considering setting a PW on all my MFD's now, 99% of them have the default blank pw
    Let us eat, drink, and be merry, because tomorrow we may die!

    For all your firmware & service manual needs please visit us at:

    www.copierfirmware.co.uk - www.printerfirmware.co.uk




  6. #6
    Service Manager 10,000+ Posts
    Ricoh Printer hacked message

    Phil B.'s Avatar
    Join Date
    Jul 2016
    Location
    Raleigh NC
    Posts
    22,668
    Rep Power
    658

    Re: Ricoh Printer hacked message

    Quote Originally Posted by copier tech View Post
    Interesting, does this have anything to do with the recent SMB v1.0 'WannaCry' issues?

    I'm considering setting a PW on all my MFD's now, 99% of them have the default blank pw
    I have read other articles about 'hacked' MFP's .. changing the default password on the machines is a MUST DO!... also have the IT staff monitor/set rights as to what ports can be used or cannot... I will try and find the one article laying out the steps required... If I can remember where I saw it

  7. #7
    Service Manager 10,000+ Posts
    Ricoh Printer hacked message

    Phil B.'s Avatar
    Join Date
    Jul 2016
    Location
    Raleigh NC
    Posts
    22,668
    Rep Power
    658

    Re: Ricoh Printer hacked message

    THIS IS ONE....

    Forbes Welcome

    but I seem to remember the other one was from a Xerox article .. they had just gotten an award for MFP security software .

  8. #8
    Service Manager 10,000+ Posts
    Ricoh Printer hacked message

    Phil B.'s Avatar
    Join Date
    Jul 2016
    Location
    Raleigh NC
    Posts
    22,668
    Rep Power
    658

    Re: Ricoh Printer hacked message



    good info!

  9. #9
    Technician
    Join Date
    May 2017
    Location
    The Ether
    Posts
    21
    Rep Power
    14

    Re: Ricoh Printer hacked message

    Quote Originally Posted by copier tech View Post
    Interesting, does this have anything to do with the recent SMB v1.0 'WannaCry' issues?

    I'm considering setting a PW on all my MFD's now, 99% of them have the default blank pw
    Nope, the device will issue RST packets in responce to inbound SYN packets on port 139 or 445; in your case they would have used Port 443 or 80.

    I would do more than consider changing 'default password' if It were me. Although the particular vendor whose forum we are in has arguably the most secure devices and IEE2600.x for Hard copy Common Criteria acreditations, data overwrite and encryption, etc, etc.. it all means nothing if the devices are left on default security.
    While you might argue that it is up to the customer to configure the device to be super-duper secure, the customer will argue that you didn't tell them it was a wet paper bag unless configured properly.
    One breach and you'll need a dang good saleperson to sell that customer any more kit, especially if they watch the YT videos for HP's 'Wolf' (which are mostly BS btw, but customers don't know that).

  10. #10
    Technician
    Join Date
    Jul 2009
    Location
    Knoxville, Tn
    Posts
    18
    Rep Power
    30

    Re: Ricoh Printer hacked message

    I had a customer that had two Ricoh 2554s that every night someone from outside their local network would send large print jobs to both machines. The customer would come in each morning to find all of the paper trays were emptied out. I guess someone thought it was fun to hack in to someone's network and empty the copier's paper trays with large print jobs. I told their IT guy that they had a firewall issue but he was like: "none of the computers are having problems, it must be something wrong with the copiers". To get rid of the problem, I set IP filters up on the copier to only allow local ip addresses to access or print to the machines. It never happened again after that. You can set ip filters through the copier's web interface. I have a bunch of machines at a university that I set ip filters on all of them that only allows the print server's ip address to access or print to them because the students were smart enough to set up local drivers and bypass their printing accounting software.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Get the Android App
click or scan for the Copytechnet Mobile App

-= -= -= -= -=


IDrive Remote Backup

Lunarpages Internet Solutions

Advertise on Copytechnet

Your Link Here