So your copier gets hacked!

Re: So your copier gets hacked!

1. The first step may be that you need to change the default password
2. Using commercial email does have a slight risk, you can use the email hosting option which has several security profile settings.
3. You can switch to a private network
4. network devices that have security rules, such as Cisco or Mikrotik

That's just my opinion, because there are clients who want to be safe or even think it's all unnecessary

Re: So your copier gets hacked!

1. Usually, it will be full Names or positions that are associated with email addresses or PC Names. So yes, it can be used for pishing attacks.

2. Doesnt reveal anything really critical

3. The password would be the only interesting thing here.

4. See 1.

Quickly is relative. Depends a lot on the algorithm used to store the passwords, which i assume to be SHA256 but i am not too sure. I know that there are printers that used to store passwords in plain text.
If your printer is the entry point of a hacker into your network, you have already fcked up. Some Bosses might have called this "saving money" before. It happens when the Printer has direct access to the internet and is not protected by being put in a vlan with no internet access and filtered network communication.

The problem for dealers depends on the case and contracts.
You just delivered it and only supply consumables? Not your issue as long as it came with the newest firmware avaiable.
You have a contract to maintain the machine on a regular base and failed to offer antivirus solutions, update the firmware regularly? Might get you in some sort trouble if they have a good lawyer.
You are also the companies IT Manager? Damn you have fcked up. Unless you offered and informed the Boss of that company of all the stuff that needs to be done and he declined. You would need that as a hardcopy though.

Re: So your copier gets hacked!

Sharp for business | Security | Multifunction Printers (MFP)

"Copiers need strong protection from cybercriminals that have learned how to compromise unsecured devices to gain access to the network. Bitdefender antimalware technology provides an additional layer of protection against all known and unknown malware threats including viruses, trojans, worms, ransomware, spyware, and more. Available on most Sharp copiers."

Sharp has been a leader in data security in the industry for along time.

I know of a couple of copiers we have out that I can sit in my office and hit their webpage over the internet. Customer has been told to correct this many times and we have given them detailed instructions.

Re: So your copier gets hacked!

I would really love to know how they want to offer protection against unknown types off malware.

Re: So your copier gets hacked!

If your business has a written contract to be the customer's IT provider not changing the default passwords would be a major liability. I was thinking more of the dealer who is just a hardware provider.

Re: So your copier gets hacked!

There have been several recent reports that to remediate a successful cyber attack can cost big time dollars in the $100s of thousands.

Re: So your copier gets hacked!

Well that was the first part. If you are just providing the hardware, there is absolutely nothing you need to worry about. But you do need to put that in the contract (Or whatever you have, like a purchase reciept) that specifies that you are only handing over the hardware and that the security of the device is up to the customer

Re: So your copier gets hacked!

The only thing we have encountered so far is a library chain that would arrive in the morning and have a stack of 300-500 prints waiting on them with jibberish on some pages. Their IT determined it was Russian hackers. For a while it "the equipments fault" though. Their network was wide open to the world. Not really anything hacked, just adding clicks and wasting paper. I can't believe someone actually spends the time to do somehting so silly.

A school system did have a student messing with the machines through their webpages. He was doing while at school though and not from the outside. We were scratching our heads for a few weeks.

Re: So your copier gets hacked!

I have never expereinced one of the copiers that I am responsible getting hacked, even my old obsolete clunkers.

Far more likely is a phishing attack which happened to me as recently as yesterday. Some crook posing as Website Builder - Create a Free Website Today | Wix.com telling me that my credit card credentials had expired and that my copier domain would be closed in two days if I did not pay promptly.

Re: So your copier gets hacked!

Interesting. I hope rthonpm chimes in because I'm thinking if a hacker is able to penetrate your network that you have bigger problems than the copy machine.

Re: So your copier gets hacked!

I know sales people are really pushing this as a new sales point, but I always have to ask the client, "what is your first measure of defense?" it's your network. If hackers compromise the network, which should be managed by a network company, the first thing they are going hack is not your copier/printer. Although, changing the default password on the copier is not a bad idea. Faxes have been hacked in the past.

Re: So your copier gets hacked!

I do have a two page written maintenance contract with a lot of small print on the back and I do not think it says that. I will update that. Thanks,

Re: So your copier gets hacked!

It's not that easy, Kyocera use a version of Linux and to access the text file where encrypted passwords are stored you need root access to the file /etc/shadow well that's if It's like my Raspberry Pi.

For a bit of fun can someone tell me this woman's name, its a SHA1 hash

be8ec20d52fdf21c23e83ba2bb7446a7fecb32ac

Re: So your copier gets hacked!

The average SMB business that I sell to does not rate copier security high in their purchase decision. They just expect it to be "world class" from any OEM.

I only talk about Security if asked, usually by a 3rd party IT provider who services the customer's network.