So your copier gets hacked!

  • KenB
    Geek Extraordinaire

    2,500+ Posts
    • Dec 2007
    • 3944

    #16
    Re: So your copier gets hacked!

    Originally posted by skynet
    It's not that easy. Kyocera use a version of Linux, and to access the text file where encrypted passwords are stored you need root access to the file /etc/shadow. Well, that's if it's like my Raspberry Pi.

    For a bit of fun, can someone tell me this woman's name? It's a SHA1 hash

    be8ec20d52fdf21c23e83ba2bb7446a7fecb32ac
    It's "sarah".

    What do I win??
    “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins


    • SalesServiceGuy
      Field Supervisor

      Site Contributor
      5,000+ Posts
      • Dec 2009
      • 8135

      #17
      Re: So your copier gets hacked!

      So I asked Bing AI chat "what information can be gathered from a network printer by a hacker"

      It responded.


      Network-enabled printers can contain sensitive information about your internal network. They are often integrated with business systems, unified with email systems, and given Local Area Network (LAN) authentication.

      With all these important connections throughout the network, an unsecure printer setup could lead to serious exposure of sensitive data or password harvesting.

      Hackers can use network scanning tools to search for security gaps in your network, especially in your copiers and printers. When a hacker scans your network, they look for open ports.
      Open ports can let them access the hard drive of the copier and view all documents in the hard drive. A successful attack could allow an attacker to siphon off the printer’s memory to access print jobs of potentially sensitive files, like contracts, corporate information, or patient.

      To prevent such attacks, it is recommended to secure your printer by changing the default access password to the administration page, disabling unnecessary services, and keeping the firmware up-to-date.

      ... Toshiba copiers do have the ability to scan documents to the HDD/SSD of the device. Some customers scan all their documents there because it is easy for the copier technician to set up. I will have to check out how easy it would be for a hacker to see those documents.

      Those customers who need to scan documents in a more organized way scan to a network folder or OneDrive for Business.


      • Tricky
        Field Supervisor

        Site Contributor
        2,500+ Posts
        • Apr 2009
        • 2620

        #18
        Re: So your copier gets hacked!

        Originally posted by KenB
        It's "sarah".

        What do I win??
        I saw the reply and then the username and wasn't surprised. For anyone else, just copy and paste the hash into Google.
        You win a like and thanks, there ain't much else I can do in this digital environment.

        Oh, Merry! Christmas.


        • rthonpm
          Field Supervisor

          2,500+ Posts
          • Aug 2007
          • 2847

          #19
          Re: So your copier gets hacked!

          Originally posted by BillyCarpenter
          Interesting. I hope rthonpm chimes in because I'm thinking if a hacker is able to penetrate your network that you have bigger problems than the copy machine.
          I covered some of this in the Business Talk thread on California's Right to Repair laws.

          Copiers and printers are passive devices but they have access to a lot of information.

          Going over the points listed:

          The address book is the key area of interest. You'll have potentially both server paths and email addresses to better focus your navigation around the network. Phishing or impersonation becomes a potential threat as an attacker could attempt to impersonate a user or customer with contact information in the device to pull more information out of the business. Even with passwords not in cleartext on the device, it's possible to get the service account for SMB scanning or SMTP credentials to limit the accounts to try and brute force them, or obtain them by other means.

          Gateway and subnet information isn't particularly useful: if you're already in the network you have that information.

          SMTP client could be of value if it's an internal one that doesn't require authentication: it would then be easy to impersonate an existing email and attempt to send malicious attachments or other files by use of the same server.

          The web interface is also a big issue in general: devices last much longer than security protocols. As an example, I still support some older devices that support the old, and VERY weak, export ciphers. Those are trivial to crack and can't be disabled on some of them.

          For dealers, ideally there should be two admin accounts: one known by the dealer, one for onsite IT staff. During the setup of the machine, the onsite password would be created by the IT staff and known only to them. From there, the paperwork will then waive the dealer's responsibility once the device is added to the network.


          Most of my larger clients have gone the route of segmenting their printers into a separate VLAN so that they know what a device is just by its IP range. The only devices that can reach them are the printer servers over ports 9100 or 515 (RAW/LPD) inbound, and outbound allowing 445 (SMB over DNS) to any scan destination, and whatever port the email server uses. The web interface then also only gets allowed from either the print server or from a dedicated management machine (PAW or Privileged Access Workstation).

          For smaller clients in a flat network environment, the web interfaces are locked by a password and only available over HTTPS. If they have an internal CA server, the certificate for the machine is generated from that to remove the self-signed issues; if not, they roll with it and just create an exception in their browser. Also, all old protocols or services they don't use get disabled (think AppleTalk, WINS, LLMNR, FTP, WSD, etc.).

          As long as there is a clear delineation of who is responsible for what role in the security of the device, there shouldn't be anything that comes back to bite the dealer. However, we've even seen here multiple instances of techs turning SMB1 or FTP on machines to get them working in customer environments, often potentially without the knowledge of their IT. In instances like that there's a good chance that the dealer could be held liable. Anything that goes against my regular config for a client has to be signed off on as a waiver.

          Of course, there are also clients who have their networks incorrectly configured so that their devices are exposed to the public internet. A simple Google search for the name of the web interface for a manufacturer will likely bring up several hits. Example: a search for Web Image Monitor in Google brings up at least three machines exposed to the internet. There's no helping that...

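The segmentation rules rthonpm describes in post #19 (print servers to printers on 9100/515, printers out on 445 and to the mail server, web interface only from the print server or a PAW), written as a check over connection records. This is an added example, not part of the original thread; all addresses, the HTTPS port 443 for the web interface and mail port 587 are assumptions.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVERS = {ipaddress.ip_address("10.20.10.5")}
PAW_HOSTS = {ipaddress.ip_address("10.20.99.10")}
MAIL_SERVER = (ipaddress.ip_address("10.20.10.25"), 587)  # port is an assumption
PRINT_PORTS = {9100, 515}  # RAW / LPD, as named in the post
WEB_UI_PORTS = {443}       # assumption: web interface is HTTPS only
SMB_PORT = 445             # scan-to-folder


def check_flow(src, dst, dport):
    """Return None if the flow fits the printer VLAN policy, else a reason."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst in PRINTER_VLAN:  # inbound, including printer-to-printer traffic
        if dport in PRINT_PORTS and src in PRINT_SERVERS:
            return None
        if dport in WEB_UI_PORTS and src in PRINT_SERVERS | PAW_HOSTS:
            return None
        return f"inbound {src} -> {dst}:{dport} is not print server/PAW traffic"
    if src not in PRINTER_VLAN:
        return None  # flow does not involve a printer; out of scope
    if dport == SMB_PORT or (dst, dport) == MAIL_SERVER:
        return None  # scan to SMB destination, or scan to email
    return f"outbound {src} -> {dst}:{dport} is not SMB scanning or mail"


SAMPLE_FLOWS = [  # constructed records: (source, destination, destination port)
    ("10.20.10.5", "10.20.30.11", 9100),   # print server -> printer, RAW
    ("10.20.40.77", "10.20.30.11", 9100),  # workstation printing directly
    ("10.20.99.10", "10.20.30.11", 443),   # PAW -> web interface
    ("10.20.40.77", "10.20.30.11", 443),   # workstation -> web interface
    ("10.20.30.11", "10.20.10.8", 445),    # printer -> scan share
    ("10.20.30.11", "10.20.10.25", 587),   # printer -> mail server
    ("10.20.30.11", "203.0.113.9", 21),    # printer -> FTP on the internet
    ("10.20.30.11", "10.20.30.12", 445),   # printer -> another printer
]


def audit(flows):
    """Return (flow, reason) for every record that breaks the policy."""
    return [(f, r) for f in flows if (r := check_flow(*f)) is not None]


if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print("VIOLATION:", reason)
```

Fed with firewall or NetFlow exports instead of the sample list, the same check shows whether the VLAN rules are actually being enforced.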

          • KenB
            Geek Extraordinaire

            2,500+ Posts
            • Dec 2007
            • 3944

            #20
            Re: So your copier gets hacked!

            Originally posted by skynet
            I saw the reply and then the username and wasn't surprised. For anyone else, just copy and paste the hash into Google.
            You win a like and thanks, there ain't much else I can do in this digital environment.

            Oh, Merry! Christmas.
            Same to you!
            “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins


            • techsxge
              Senior Tech

              Site Contributor
              500+ Posts
              • Jan 2022
              • 660

              #21
              Re: So your copier gets hacked!

              Originally posted by SalesServiceGuy
              I do have a two page written maintenance contract with a lot of small print on the back and I do not think it says that. I will update that. Thanks,
              A one-liner like: "The Customer takes full ownership of the Machine as is and companyname is not responsible for any security incidents regarding the machine."
              Can really save your ass in a legal case.


              • techsxge
                Senior Tech

                Site Contributor
                500+ Posts
                • Jan 2022
                • 660

                #22
                Re: So your copier gets hacked!

                Originally posted by rthonpm

                As long as there is a clear delineation of who is responsible for what role in the security of the device, there shouldn't be anything that comes back to bite the dealer. However, we've even seen here multiple instances of techs turning SMB1 or FTP on machines to get them working in customer environments, often potentially without the knowledge of their IT. In instances like that there's a good chance that the dealer could be held liable. Anything that goes against my regular config for a client has to be signed off on as a waiver.
                That is basically the most important part. Customer really needs/wants something that would impact the security -> Sign the paper that says "I don't care about security" and I'll happily do it. Otherwise: No.
