How many of your customer's machines are open for hacking or exploitation?

  • femaster
    Service Manager

    1,000+ Posts
    • May 2011
    • 1436

    #1

    [Misc] How many of your customer's machines are open for hacking or exploitation?

    I came across a customer last week that, for some unknown reason, has their Konica Minolta copier out on the internet, with a publicly routable IP address assigned to it. They were complaining of constant problems with their NEW copier. At one point, they complained that "someone" enabled authentication on the copier, leaving them completely locked out of it. After troubleshooting their problems and removing the authentication requirement, it was discovered that for some reason they had programmed in a public facing IP address. Their copier was sitting out on the public internet, ripe for the picking.

    This piqued my interest a bit, and I decided to do some searching and poking around at a very useful search site called Shodan. This isn't your typical search engine. It does not scan the internet to catalog websites; this search engine catalogs DEVICES. Devices that are connected to the internet, ripe for the picking. It allows one to search for key terms used in the software of the devices. It gives you a couple pages of results for each search, and a limited number of searches per day, for free. To get an extensive list requires a subscription, so if you happen to try it out, don't be fooled by the limited number of results you are able to view.

    A few searches I tried for different brands of copier equipment produced some alarming results. So many devices with direct access from anywhere in the world, not only to their web interfaces, but the mail ports, FTP, etc.

    Konica Minolta
    Canon
    Kyocera
    Ricoh
    Savin
    Sharp
    Xerox

    These results are not encouraging to say the least. Encourage your customers to keep their equipment safe and off the public internet. I can't see any reason at all that a device needs a public IP.
    A Ricoh Service Tech for 7 years. A Konica Minolta Service Tech for 7 years. Now, KM service manager for 4 years.
    My Ricoh knowledge is slowly dwindling away at this point. Many things have been lost to time...
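
One way to act on the advice in the post above during a network site survey, as an added example that is not part of the original thread: this Python script reads a device inventory and flags anything configured with a publicly routable address. The CSV columns, device names and addresses are constructed for illustration (203.0.113.0/24 is a documentation range standing in for an ISP-assigned public block).

```python
import csv
import io
import ipaddress

# Address ranges that are NOT directly reachable from the internet.
# Anything outside them is treated as publicly routable.
INTERNAL_RANGES = [
    ("private (RFC 1918)", "10.0.0.0/8"),
    ("private (RFC 1918)", "172.16.0.0/12"),
    ("private (RFC 1918)", "192.168.0.0/16"),
    ("carrier-grade NAT (RFC 6598)", "100.64.0.0/10"),
    ("link-local", "169.254.0.0/16"),
    ("link-local", "fe80::/10"),
    ("loopback", "127.0.0.0/8"),
    ("loopback", "::1/128"),
    ("IPv6 unique local", "fc00::/7"),
]
_NETS = [(label, ipaddress.ip_network(cidr)) for label, cidr in INTERNAL_RANGES]

# Constructed inventory, e.g. typed up during a site survey. Not real data:
# 203.0.113.0/24 is a documentation range used here as a stand-in for a
# public block handed out by an ISP modem/router.
SAMPLE_INVENTORY = """device,type,ip
Front office MFP,copier,203.0.113.25
Reception PC,workstation,203.0.113.26
Warehouse MFP,copier,192.168.1.50
Accounts printer,printer,10.20.0.14
Branch MFP,copier,100.64.3.9
Lobby printer,printer,
"""


def classify(addr_text):
    """Return (category, is_public) for one address string."""
    try:
        addr = ipaddress.ip_address(addr_text.strip())
    except ValueError:
        return ("unparseable", False)
    for label, net in _NETS:
        if addr.version == net.version and addr in net:
            return (label, False)
    return ("publicly routable", True)


def audit(inventory_csv):
    """Return (device, ip, finding) tuples for rows that need follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ip = (row.get("ip") or "").strip()
        category, is_public = classify(ip)
        if is_public:
            # A public address does not prove the device is reachable (an
            # upstream firewall may still filter it), but the device is not
            # sitting behind NAT and should be re-addressed behind the router.
            findings.append((row["device"], ip, "public address on device"))
        elif category == "unparseable":
            findings.append((row["device"], ip, "no valid address recorded"))
    return findings


if __name__ == "__main__":
    for device, ip, finding in audit(SAMPLE_INVENTORY):
        print(f"{device:18} {ip or '-':15} {finding}")
```
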
  • slimslob
    Retired

    Site Contributor
    25,000+ Posts
    • May 2013
    • 35911

    #2
    Re: How many of your customer's machines are open for hacking or exploitation?

    In the past I have encountered small business customers that had DSL or T1 modems configured by their ISP to provide 4 to 10 routed public addresses with DHCP and little or no firewall instead of a bridged connection. Small businesses with little technical knowledge and no IT, they just connected their equipment unaware of the fact that they were exposing themselves to every hacker out there, including their network printers. I have had to deal with a couple in the past. In some cases it was as easy as merely connecting a router to one of the ports. With most T carriers I had to get the ISP to first reconfigure to a bridged service and provide the settings for the router.


    • copyman
      Owner / Technician

      Site Contributor
      2,500+ Posts
      • Sep 2005
      • 4393

      #3
      Re: How many of your customer's machines are open for hacking or exploitation?

      These are the same type of customers that don't back up their computers on a regular basis. Their head is in the sand and think it will never happen to them.


      • femaster
        Service Manager

        1,000+ Posts
        • May 2011
        • 1436

        #4
        Re: How many of your customer's machines are open for hacking or exploitation?

        Originally posted by copyman
        These are the same type of customers that don't back up their computers on a regular basis. Their head is in the sand and think it will never happen to them.
        I agree. I noticed when I was using their PC to connect to the copier and delete about 125 print jobs that were stuck (generated from somewhere outside of their business), that even their Windows 10 PC has a public IP. It was a rush day, so I didn't get to spend much time with them, but they have a modem/router combination box from their ISP and 3 different devices were plugged into it. I'm not sure why, but apparently their ISP has everything set up with public IPs instead of allowing the router to do its job and protect their devices.

        I ended up leaving them in the hands of my office's very incapable IT, so hopefully they do something about it soon.

        • KenB
          Geek Extraordinaire

          2,500+ Posts
          • Dec 2007
          • 3945

          #5
          “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins


          • copier tech
            Field Supervisor

            5,000+ Posts
            • Jan 2014
            • 8033

            #6
            Re: How many of your customer's machines are open for hacking or exploitation?

            I just created a shodan account to check this out, however looks beyond my IT knowledge!

            Worrying you can search for webcams
            Last edited by copier tech; 07-17-2020, 03:20 PM.
            Let us eat, drink, and be merry, because tomorrow we may die!

            For all your firmware & service manual needs please visit us at:

            www.copierfirmware.co.uk - www.printerfirmware.co.uk


            • femaster
              Service Manager

              1,000+ Posts
              • May 2011
              • 1436

              #7
              Re: How many of your customer's machines are open for hacking or exploitation?

              Originally posted by copier tech
              I just created a shodan to check this out, however looks beyond my IT knowledge!

              Worrying you can search for webcams
              If it's got a public IP, and has at least 1 port that responds to requests, even if it just responds that the port is 'closed', it will show up. I know there have been IP based security cameras that have shown up in the news that were exploitable and found by using Shodan. If by webcam you mean like the one in your laptop, or an add-on USB one, those wouldn't. It needs to be network based.

              I know a little bit about this stuff, but not enough. You'd need to know how the camera identifies itself over the network so you would know what key words or code snippets to search for.

              • slimslob
                Retired

                Site Contributor
                25,000+ Posts
                • May 2013
                • 35911

                #8
                Re: How many of your customer's machines are open for hacking or exploitation?

                Originally posted by femaster
                If it's got a public IP, and has at least 1 port that responds to requests, even if it just responds that the port is 'closed', it will show up. I know there have been IP based security cameras that have shown up in the news that were exploitable and found by using Shodan. If by webcam you mean like the one in your laptop, or an add-on USB one, those wouldn't. It needs to be network based.

                I know a little bit about this stuff, but not enough. You'd need to know how the camera identifies itself over the network so you would know what key words or code snippets to search for.
                If you do not have quality malware protection on your computer and your "USB" camera is connected it is accessible to hackers. I don't know about your computer but checking Device Manager on mine the VGA WebCam actually is a USB Video Device and hackers access built in webcams all the time.


                • Vincent128
                  Trusted Tech

                  Site Contributor
                  250+ Posts
                  • Sep 2015
                  • 333

                  #9
                  Re: How many of your customer's machines are open for hacking or exploitation?

                  Have seen this happen when smaller businesses have zero concept of IT .. We strongly suggest..i.e..unless you have real IT that works with us otherwise..that printers have a static IP. It's part of our Network site survey but smaller offices we can't always get them back before we have to install.

                  What happens is that the customer calls up their ISP and tells them that the new copier needs a static IP...The ISP call center knows nothing about IT so they sell them a public static IP and the ID10T the business has as their "IT GUY" gives it to the copier....then they use WSD anyway so things print but only until Windows breaks WSD (like the next day) or the crap driver Windows uses crashes things or prints incorrectly or no prints at all.

                  When we run into these situations..the customer ALWAYS..blames us.
                  ><;


                  • slimslob
                    Retired

                    Site Contributor
                    25,000+ Posts
                    • May 2013
                    • 35911

                    #10
                    Re: How many of your customer's machines are open for hacking or exploitation?

                    Originally posted by Vincent128
                    Have seen this happen when smaller businesses have zero concept of IT .. We strongly suggest..i.e..unless you have real IT that works with us otherwise..that printers have a static IP. It's part of our Network site survey but smaller offices we can't always get them back before we have to install.

                    What happens is that the customer calls up their ISP and tells them that the new copier needs a static IP...The ISP call center knows nothing about IT so they sell them a public static IP and the ID10T the business has as their "IT GUY" gives it to the copier....then they use WSD anyway so things print but only until Windows breaks WSD (like the next day) or the crap driver Windows uses crashes things or prints incorrectly or no prints at all.

                    When we run into these situations..the customer ALWAYS..blames us.
                    ><;
                    I have no problem with DHCP. Then set the computers up to use device name instead of IP address. That way when you have a customer that likes to frequently replace their router or the ISP and end up with a totally different subnet, you are not having to go out and set their printing up for them again.


                    • femaster
                      Service Manager

                      1,000+ Posts
                      • May 2011
                      • 1436

                      #11
                      Re: How many of your customer's machines are open for hacking or exploitation?

                      Originally posted by slimslob
                      If you do not have quality malware protection on your computer and your "USB" camera is connected it is accessible to hackers. I don't know about your computer but checking Device Manager on mine the VGA WebCam actually is a USB Video Device and hackers access built in webcams all the time.
                      You are correct, a webcam is definitely not immune from being hacked if the hardware it is connected to has been compromised.

                      My answer of no was based on the original question of will a webcam show up in a Shodan search. If it's a standard webcam built into a laptop (or an all-in-one desktop) or connected to a PC via USB, it would not show up on a Shodan search.

                      • slimslob
                        Retired

                        Site Contributor
                        25,000+ Posts
                        • May 2013
                        • 35911

                        #12
                        Re: How many of your customer's machines are open for hacking or exploitation?

                        Originally posted by femaster
                        You are correct, a webcam is definitely not immune from being hacked if the hardware it is connected to has been compromised.

                        My answer of no was based on the original question of will a webcam show up in a Shodan search. If it's a standard webcam built into a laptop (or an all-in-one desktop) or connected to a PC via USB, it would not show up on a Shodan search.
                        I have seen network switches and routers with USB ports primarily for networking low end printers with no network port. Would a USB camera connected to such a device be searchable?


                        • femaster
                          Service Manager

                          1,000+ Posts
                          • May 2011
                          • 1436

                          #13
                          Re: How many of your customer's machines are open for hacking or exploitation?

                          Originally posted by slimslob
                          I have seen network switches and routers with USB ports primarily for networking low end printers with no network port. Would a USB camera connected to such a device be searchable?
                          From my experience, the routers that I've come across with a USB port only support 3 types of devices. 1) Low-end printers as you said, 2) USB storage devices (hard drive, flash drive, etc.), and on some of the higher-end routers, 3) a USB cellular (4G, etc.) device that would act as a fail-over if the main WAN (internet) connection were to go down. In general they wouldn't know what to do with a USB camera. Not to say that I'm familiar with every device out there, there could be some obscure unit that might work with a USB camera, but I don't know of any.

                          Those USB ports generally don't use an IP address for routing. I did connect an old Samsung USB printer to an Asus Router a few years back. It required special software to be installed on any PC that was going to print to that printer. It acted as an in-between (almost like a generic print driver) in order to facilitate the communication.

                          As for a USB storage device, this is designed to act sort of like a network attached storage, where it can be accessible from the local network, and if desired, from the internet. Even this type of device I don't believe gets an internal IP address assigned to it. If remote access was enabled for the storage device, there is a very good chance it would show up in a search if you knew the right term to search for. It would be found on whatever the public IP address was that was assigned to the router by the ISP's modem.


                          • rrrohan
                            Service Manager

                            Site Contributor
                            1,000+ Posts
                            • Sep 2011
                            • 1976

                            #14
                            Re: How many of your customer's machines are open for hacking or exploitation?

                            i just checked one. logged in with default passwords and everything. amazing the damage someone could do. plus even if u don't mess with settings nothing stopping u sending print jobs in full colour 2000 or so times.

                            why would they be set up like this, it has to be intentional? and if so why don't they at least change default admin password and have user authentication turned on.

                            interesting site though. I'm tempted to just warn all users in my area by printing out a page of contact info so i can offer advice


                            • femaster
                              Service Manager

                              1,000+ Posts
                              • May 2011
                              • 1436

                              #15
                              Re: How many of your customer's machines are open for hacking or exploitation?

                              That is exactly what I was getting at. It's crazy that they just leave the machines hanging out there for anybody to access. Most have all the default passwords still, so you pretty much take over the entire machine and hold it for ransom.

                              I'm not sure if all brands have this feature, but I know with newer Konica Minolta machines you can do a direct print to the machine through the web interface without the need to log into it at all. No print drivers or anything. Imagine the havoc people could cause. Could run the thing completely out of paper, burning up tons of color toner, and possibly costing those that have a service contract with per page limits or fees a ton of money in overage charges.