Using copiers and scanners to steal ID cards


Hmmm ... This article says that hackers can hijack scanners and copiers and uses them to steal ID cards and other documents.


Office equipment open to hacker attacks

By Byron Acohido, USA TODAY

LAS VEGAS Millions of copiers and printers in thousands of companies worldwide are ripe targets for cyberthieves in the hunt for sensitive business documents.

Web server software today gets built into most printers, scanners, photocopiers, webcams, DVRs and other common workplace equipment.

Researchers from Web security firm Zscaler ran a simple search and easily located 118,194 Hewlett-Packard printer-scanners, 9,431 Cannon photocopiers and 3,554 D-Link webcams equipped as Internet-connected Web servers.

Any intruder could do the same thing, then take over control of devices protected by weak passwords, says Michael Sutton, Zscaler's vice president of research. The intruder could then steal images of documents stored in a copier's memory or take control of webcams placed inside a work area.

"I'd be surprised if attackers weren't already taking advantage," says Sutton, who released the findings Thursday at the Black Hat cybersecurity conference here. "They'd be foolish not to. It's just too easy."

Web server software today gets built into most printers, scanners, photocopiers, webcams, DVRs and other common workplace equipment. This is done to make it easy for technicians to troubleshoot the devices and change settings over the Internet.

"It's a much more convenient approach," says Sutton. "The problem occurs when such servers are enabled by default and either not password protected or protected only by a common default password."

Yet, many companies aren't bothering to lock down server software in commonplace office appliances. Zscaler also easily located 436,947 Cisco routers, switches and other networking appliances equipped as rudimentary Web servers.

An intruder taking control of a Cisco device could monitor and even redirect network traffic, gaining prime position deep inside an organization's network to steal authentication log-ons and proprietary documents.

Much attention at the Black Hat conference here is being paid to escalating attacks to steal intellectual property. A new approach is needed that focuses on identifying and locking down an organization's most valuable assets, says Eddie Schwartz, chief security officer of RSA, the cybersecurity unit of EMC.

Earlier this year, RSA disclosed that hackers infiltrated its network to steal the technology for SecurID tokens that issue one-time pass codes. SecureID is used widely by companies and governments to restrict access to sensitive systems.

"We're living in a compromised world surrounded by advanced threats," say Schwartz. "Our security model has to become more information-centric."

Some simple protection measures that companies can take include identifying and regularly auditing printers, routers and other appliances equipped as Web servers. Unused functions should be disabled, and strong passwords put in place, Sutton says.


Papers Please