  1. #1
    Field Service Technician 250+ Posts femaster's Avatar
    Join Date
    May 2011
    Location
    A Small City in MI
    Posts
    419
    Rep Power
    26

    How many of your customer's machines are open for hacking or exploitation?

    I came across a customer last week, that for some unknown reason, has their Konica Minolta copier out on the internet, with a publicly routable IP address assigned to it. They were complaining of constant problems with their NEW copier. At one point, they complained that "someone" enabled authentication on the copier, leaving them completely locked out of it. After troubleshooting their problems and removing the authentication requirement, it was discovered that for some reason they had programmed in a public facing IP address. Their copier was sitting out on the public internet, ripe for the picking.

    This piqued my interest a bit, and I decided to do some searching and poking around at a very useful search site called Shodan. This isn't your typical search engine. It does not scan the internet to catalog websites; this search engine catalogs DEVICES. Devices that are connected to the internet, ripe for the picking. It allows one to search for key terms used in the software of the devices. It gives you a couple pages of results for each search, and a limited number of searches per day, for free. To get an extensive list requires a subscription, so if you happen to try it out, don't be fooled by the limited number of results you are able to view.

    A few searches I tried for different brands of copier equipment produced some alarming results. So many devices with direct access from anywhere in the world, not only to their web interfaces, but the mail ports, FTP, etc.

    Konica Minolta
    Canon
    Kyocera
    Ricoh
    Savin
    Sharp
    Xerox

    These results are not encouraging to say the least. Encourage your customers to keep their equipment safe and off the public internet. I can't see any reason at all that a device needs a public IP.
    Ricoh Service Tech for 7 years, now a Konica Minolta Service Tech for the last 6 years.
    My Ricoh knowledge is slowly dwindling away at this point. Many things have been lost to time...

  2. #2
    Retired 10,000+ Posts slimslob's Avatar
    Join Date
    May 2013
    Location
    Bakersfield, CA
    Posts
    11,830
    Rep Power
    287

    Re: How many of your customer's machines are open for hacking or exploitation?

    In the past I have encountered small business customers that had DSL or T1 modems configured by their ISP to provide 4 to 10 routed public addresses with DHCP and little or no firewall instead of a bridged connection. Small businesses with little technical knowledge and no IT, they just connected their equipment unaware of the fact that they were exposing themselves to every hacker out there, including their network printers. I have had to deal with a couple in the past. In some cases it was as easy as merely connecting a router to one of the ports. With most T carriers I had to get the ISP to first reconfigure to a bridged service and provide the settings for the router.

  3. #3
    Service Manager 1,000+ Posts
    Join Date
    Sep 2005
    Location
    South Jersey
    Posts
    2,377
    Rep Power
    83

    Re: How many of your customer's machines are open for hacking or exploitation?

    Quote Originally Posted by femaster View Post
    I came across a customer last week, that for some unknown reason, has their Konica Minolta copier out on the internet, with a publicly routable IP address assigned to it. They were complaining of constant problems with their NEW copier. At one point, they complained that "someone" enabled authentication on the copier, leaving them completely locked out of it. After troubleshooting their problems and removing the authentication requirement, it was discovered that for some reason they had programmed in a public facing IP address. Their copier was sitting out on the public internet, ripe for the picking.

    This piqued my interest a bit, and I decided to do some searching and poking around at a very useful search site called Shodan. This isn't your typical search engine. It does not scan the internet to catalog websites; this search engine catalogs DEVICES. Devices that are connected to the internet, ripe for the picking. It allows one to search for key terms used in the software of the devices. It gives you a couple pages of results for each search, and a limited number of searches per day, for free. To get an extensive list requires a subscription, so if you happen to try it out, don't be fooled by the limited number of results you are able to view.

    A few searches I tried for different brands of copier equipment produced some alarming results. So many devices with direct access from anywhere in the world, not only to their web interfaces, but the mail ports, FTP, etc.

    Konica Minolta
    Canon
    Kyocera
    Ricoh
    Savin
    Sharp
    Xerox

    These results are not encouraging to say the least. Encourage your customers to keep their equipment safe and off the public internet. I can't see any reason at all that a device needs a public IP.
    These are the same type of customers that don't back up their computers on a regular basis. Their head is in the sand and they think it will never happen to them.

  4. #4
    Field Service Technician 250+ Posts femaster's Avatar
    Join Date
    May 2011
    Location
    A Small City in MI
    Posts
    419
    Rep Power
    26

    Re: How many of your customer's machines are open for hacking or exploitation?

    Quote Originally Posted by copyman View Post
    These are the same type of customers that don't back up their computers on a regular basis. Their head is in the sand and they think it will never happen to them.
    I agree. I noticed when I was using their PC to connect to the copier and delete about 125 print jobs that were stuck (generated from somewhere outside of their business), that even their Windows 10 PC has a public IP. It was a rush day, so I didn't get to spend much time with them, but they have a modem/router combination box from their ISP and 3 different devices were plugged into it. I'm not sure why, but apparently their ISP has everything set up with public IPs instead of allowing the router to do its job and protect their devices.

    I ended up leaving them in the hands of my office's very incapable IT, so hopefully they do something about it soon.
    Ricoh Service Tech for 7 years, now a Konica Minolta Service Tech for the last 6 years.
    My Ricoh knowledge is slowly dwindling away at this point. Many things have been lost to time...

  5. #5
    Geek Extraordinaire 2,500+ Posts KenB's Avatar
    Join Date
    Dec 2007
    Location
    Cleveland, Ohio
    Posts
    3,228
    Rep Power
    84

    Re: How many of your customer's machines are open for hacking or exploitation?

    Back when the Internet was still pretty much a novelty (something like 1998), I had a major university with about 100 connected Canon machines.

    There were about 15,000 active nodes on the network, including classrooms, labs, offices, and student dorms.

    They had a full class B subnet, so there were all 65,000 addresses available.

    IP addresses were assigned by DHCP reservations, where each node (MAC address) always got the same public-facing IP address.

    Fortunately, it wasn’t that big an issue back then, but there were definitely issues.

    I think they came to their senses somewhere around 2001.
    Some days you’re the dog, some days you’re the fire hydrant.

  6. #6
    Service Manager 2,500+ Posts
    copier tech's Avatar
    Join Date
    Jan 2014
    Location
    London
    Posts
    4,488
    Rep Power
    91

    Re: How many of your customer's machines are open for hacking or exploitation?

    Quote Originally Posted by femaster View Post
    I came across a customer last week, that for some unknown reason, has their Konica Minolta copier out on the internet, with a publicly routable IP address assigned to it. They were complaining of constant problems with their NEW copier. At one point, they complained that "someone" enabled authentication on the copier, leaving them completely locked out of it. After troubleshooting their problems and removing the authentication requirement, it was discovered that for some reason they had programmed in a public facing IP address. Their copier was sitting out on the public internet, ripe for the picking.

    This piqued my interest a bit, and I decided to do some searching and poking around at a very useful search site called Shodan. This isn't your typical search engine. It does not scan the internet to catalog websites; this search engine catalogs DEVICES. Devices that are connected to the internet, ripe for the picking. It allows one to search for key terms used in the software of the devices. It gives you a couple pages of results for each search, and a limited number of searches per day, for free. To get an extensive list requires a subscription, so if you happen to try it out, don't be fooled by the limited number of results you are able to view.

    A few searches I tried for different brands of copier equipment produced some alarming results. So many devices with direct access from anywhere in the world, not only to their web interfaces, but the mail ports, FTP, etc.

    Konica Minolta
    Canon
    Kyocera
    Ricoh
    Savin
    Sharp
    Xerox

    These results are not encouraging to say the least. Encourage your customers to keep their equipment safe and off the public internet. I can't see any reason at all that a device needs a public IP.
    I just created a Shodan account to check this out, however looks beyond my IT knowledge!

    Worrying you can search for webcams
    Let us eat, drink, and be merry, because tomorrow we may die!

    www.copierfirmware.co.uk

  7. #7
    Field Service Technician 250+ Posts femaster's Avatar
    Join Date
    May 2011
    Location
    A Small City in MI
    Posts
    419
    Rep Power
    26

    Re: How many of your customer's machines are open for hacking or exploitation?

    Quote Originally Posted by copier tech View Post
    I just created a Shodan to check this out, however looks beyond my IT knowledge!

    Worrying you can search for webcams
    If it's got a public IP, and has at least 1 port that responds to requests, even if it just responds that the port is 'closed', it will show up. I know there have been IP based security cameras that have shown up in the news that were exploitable and found by using Shodan. If by webcam you mean like the one in your laptop, or an add-on USB one, those wouldn't. It needs to be network based.

    I know a little bit about this stuff, but not enough. You'd need to know how the camera identifies itself over the network so you would know what key words or code snippets to search for.
    Ricoh Service Tech for 7 years, now a Konica Minolta Service Tech for the last 6 years.
    My Ricoh knowledge is slowly dwindling away at this point. Many things have been lost to time...

  8. #8
    Retired 10,000+ Posts slimslob's Avatar
    Join Date
    May 2013
    Location
    Bakersfield, CA
    Posts
    11,830
    Rep Power
    287

    Re: How many of your customer's machines are open for hacking or exploitation?

    Quote Originally Posted by femaster View Post
    If it's got a public IP, and has at least 1 port that responds to requests, even if it just responds that the port is 'closed', it will show up. I know there have been IP based security cameras that have shown up in the news that were exploitable and found by using Shodan. If by webcam you mean like the one in your laptop, or an add-on USB one, those wouldn't. It needs to be network based.

    I know a little bit about this stuff, but not enough. You'd need to know how the camera identifies itself over the network so you would know what key words or code snippets to search for.
    If you do not have quality malware protection on your computer and your "USB" camera is connected it is accessible to hackers. I don't know about your computer but checking Device Manager on mine the VGA WebCam actually is a USB Video Device and hackers access built in webcams all the time.

  9. #9
    Senior Tech 100+ Posts
    Join Date
    Sep 2015
    Posts
    165
    Rep Power
    12

    Re: How many of your customer's machines are open for hacking or exploitation?

    Have seen this happen when smaller businesses have zero concept of IT .. We strongly suggest..i.e..unless you have real IT that works with us otherwise..that printers have a static IP. It's part of our Network site survey but smaller offices we can't always get them back before we have to install.

    What happens is that the customer calls up their ISP and tells them that the new copier needs a static IP...The ISP call center knows nothing about IT so they sell them a public static IP and the ID10T the business has as their "IT GUY" gives it to the copier....then they use WSD anyway so things print but only until Windows breaks WSD (like the next day) or the crap driver Windows uses crashes things or prints incorrectly or no prints at all.

    When we run into these situations..the customer ALWAYS..blames us.
    ><;

  10. #10
    Retired 10,000+ Posts slimslob's Avatar
    Join Date
    May 2013
    Location
    Bakersfield, CA
    Posts
    11,830
    Rep Power
    287

    Re: How many of your customer's machines are open for hacking or exploitation?

    Quote Originally Posted by Vincent128 View Post
    Have seen this happen when smaller businesses have zero concept of IT .. We strongly suggest..i.e..unless you have real IT that works with us otherwise..that printers have a static IP. It's part of our Network site survey but smaller offices we can't always get them back before we have to install.

    What happens is that the customer calls up their ISP and tells them that the new copier needs a static IP...The ISP call center knows nothing about IT so they sell them a public static IP and the ID10T the business has as their "IT GUY" gives it to the copier....then they use WSD anyway so things print but only until Windows breaks WSD (like the next day) or the crap driver Windows uses crashes things or prints incorrectly or no prints at all.

    When we run into these situations..the customer ALWAYS..blames us.
    ><;
    I have no problem with DHCP. Then set the computers up to use device name instead of IP address. That way when you have a customer that likes to frequently replace their router or the ISP and ends up with a totally different subnet, you are not having to go out and set their printing up for them again.
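
Added example, not part of any post in this thread: a small audit a technician could run over a list of device addresses to flag copiers that, like the one in post #1 and the "public static IP" case in post #9, are not on an RFC 1918 private address. The inventory, device names and function names are constructed for illustration, and the check covers IPv4 only.

```python
import csv
import io
import ipaddress

# RFC 1918 private ranges: what a copier behind a NAT router should be using.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned, DHCP failed
CGNAT = ipaddress.ip_network("100.64.0.0/10")        # carrier-grade NAT space

# Constructed inventory for illustration; 203.0.113.0/24 is a documentation
# range standing in for an ISP-assigned public address.
SAMPLE_INVENTORY = """device,address
front-office-copier,192.168.1.50
warehouse-copier,203.0.113.24
lobby-printer,169.254.17.3
accounting-mfp,172.20.4.9
reception-mfp,172.32.0.5
scanner-station,10.0.0.300
"""

def classify(addr_text):
    """Return 'private', 'link-local', 'cgnat', 'public' or 'invalid'."""
    try:
        addr = ipaddress.IPv4Address(addr_text.strip())
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:
        return "invalid"
    if any(addr in net for net in RFC1918):
        return "private"
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in CGNAT:
        return "cgnat"
    # Deliberately not using addr.is_private: it also covers documentation
    # and other reserved ranges, which would hide the sample public address.
    return "public"

def audit(csv_text):
    """List (device, address, status) for every device not on an RFC 1918 address."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row["address"])
        if status != "private":
            findings.append((row["device"], row["address"].strip(), status))
    return findings

if __name__ == "__main__":
    for device, address, status in audit(SAMPLE_INVENTORY):
        print(f"{device:22} {address:16} {status}")
```

Note that 172.32.0.5 is flagged: only 172.16.0.0 through 172.31.255.255 is private, so an address that merely starts with 172 is not necessarily behind NAT.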
