Ricoh Printer hacked message
-
Ricoh Printer hacked message
Let us eat, drink, and be merry, because tomorrow we may die!
For all your firmware & service manual needs please visit us at:
www.copierfirmware.co.uk - www.printerfirmware.co.uk
-
Re: Ricoh Printer hacked message
The customer's network has security issues that allow internal communication to the MFP. There's a search string you can put into Google that shows you all the unsecure printers that are on the internet. It's an alarming amount.
It's 106 miles to Chicago. We've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.
Hit it.
-
Re: Ricoh Printer hacked message
Why the hell you would leave an MFP that can be accessed via the internet with null or weak password is beyond me and just one issue here but people seem oblivious to the harm that can actually be done; they are lucky that the 'hacker' was playing nice and highlighting the potential for something more serious. Spam bot anyone??
-
Re: Ricoh Printer hacked message
Interesting, does this have anything to do with the recent SMB v1.0 'WannaCry' issues?
I'm considering setting a PW on all my MFD's now, 99% of them have the default blank pw
-
Re: Ricoh Printer hacked message
I have read other articles about 'hacked' MFP's .. changing the default password on the machines is a MUST DO!... also have the IT staff monitor/set rights as to what ports can be used or cannot... I will try and find the one article laying out the steps required... If I can remember where I saw it
-
Re: Ricoh Printer hacked message
THIS IS ONE....
Forbes Welcome
but I seem to remember the other one was from a Xerox article .. they had just gotten an award for MFP security software.
-
Re: Ricoh Printer hacked message
I would do more than consider changing 'default password' if it were me. Although the particular vendor whose forum we are in has arguably the most secure devices and IEEE 2600.x for Hard copy Common Criteria accreditations, data overwrite and encryption, etc, etc.. it all means nothing if the devices are left on default security.
While you might argue that it is up to the customer to configure the device to be super-duper secure, the customer will argue that you didn't tell them it was a wet paper bag unless configured properly.
One breach and you'll need a dang good salesperson to sell that customer any more kit, especially if they watch the YT videos for HP's 'Wolf' (which are mostly BS btw, but customers don't know that).
-
Re: Ricoh Printer hacked message
I had a customer that had two Ricoh 2554s that every night someone from outside their local network would send large print jobs to both machines. The customer would come in each morning to find all of the paper trays were emptied out. I guess someone thought it was fun to hack in to someone's network and empty the copier's paper trays with large print jobs. I told their IT guy that they had a firewall issue but he was like: "none of the computers are having problems, it must be something wrong with the copiers". To get rid of the problem, I set IP filters up on the copier to only allow local IP addresses to access or print to the machines. It never happened again after that. You can set IP filters through the copier's web interface. I have a bunch of machines at a university that I set IP filters on all of them that only allows the print server's IP address to access or print to them because the students were smart enough to set up local drivers and bypass their printing accounting software.
-
Re: Ricoh Printer hacked message
In this case, the web interface is exposed to the external internet instead of just being accessible on the local network of the customer. There is no reason in the world why any printer should be exposed to the outside internet. Adding a new password, if not an entirely new account for the web interface is usually a good idea. I generally add two accounts: one for the customer's IT or key op to use, and one for tech use. If your customer has the ability, using a TLS cert to allow the machine to use HTTPS is also a good idea since it protects the credentials they're entering in from the trivial process of capturing HTTP packets.
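The two IP-filter policies described in the thread (allow only local addresses, or allow only the print server) can be checked against a job log before they are applied on the device. The following is an added example, not part of any poster's message and not the copier's own filter logic; the network range, print server address and log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumed values for illustration only (not taken from the thread).
LOCAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]
PRINT_SERVER = ipaddress.ip_address("192.168.10.5")

# Constructed job-log lines in an assumed format: "timestamp source_ip pages"
SAMPLE_LOG = """\
2017-05-20T02:13:44 203.0.113.77 500
2017-05-20T02:14:10 203.0.113.77 500
2017-05-20T09:02:31 192.168.10.5 3
2017-05-20T09:15:02 192.168.10.42 12
2017-05-20T09:20:00 not-an-ip 1
"""

def classify(source, local_nets=LOCAL_NETS, print_server=None):
    """Return 'allow', 'bypass' (local, but not the print server),
    'external' (outside every local network) or 'invalid'."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "invalid"
    if not any(addr in net for net in local_nets):
        return "external"
    # Stricter policy: only the print server may talk to the device.
    if print_server is not None and addr != print_server:
        return "bypass"
    return "allow"

def audit(log_text, **policy):
    """Sum pages per (verdict, source) for every job the filter would reject."""
    rejected = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed lines
        _, source, pages = parts
        verdict = classify(source, **policy)
        if verdict != "allow":
            key = (verdict, source)
            rejected[key] = rejected.get(key, 0) + int(pages)
    return rejected

if __name__ == "__main__":
    results = audit(SAMPLE_LOG, print_server=PRINT_SERVER)
    for (verdict, source), pages in results.items():
        print(f"{verdict:8} {source:15} {pages} pages")
```

Running `audit` without `print_server` models the local-only filter; passing it models the university setup where only the print server is allowed.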