|
http://www.pcworld.com/article/id,129846-c,privacysecurity/article.html
Photocopiers: The Newest ID Theft Threat
Gregg Keizer, Computerworld Photocopiers are the newest threat to identity theft, a copier maker said today, because newer models equipped with hard drives record what's been duplicated. At tax time, when Americans photocopy tax returns, confidential information may be easily available to criminals. "Consumers and business owners will photocopy highly confidential tax forms containing Social Security numbers, Employer Identification Numbers and other sensitive information in places outside the home, leaving them vulnerable to digital theft," Ed McLaughlin, president of Sharp Document Solutions Co. of America, said in a statement. At issue are the hard drives embedded in most copiers and intelligent printers manufactured in the last five years. Data is stored on the drive before a document is copied or printed; unless security provisions are in place, the data is stored unencrypted and remains there until the drive is full and new data overwrites old. Sharp, a major copier maker, commissioned a survey that found 55 percent of Americans plan to photocopy or print out copies of their tax returns and supporting documents this year. And almost half of that number will do so outside the home, using copiers and intelligent printers at their offices or public machines at libraries and copy centers. "Everyone forgets that there's data in there," said Avivah Litan, an analyst with Gartner Inc. "Copiers and other intelligent devices like multifunction printers are very exposed in the enterprise. They're open to attack via modems and people forget about changing the default passwords." Sharp's survey also indicated that 54 percent of those polled had no clue that digital photocopiers store an image of what's duplicated, and that a majority believed running off returns on copiers or printers is a safe practice. When told of the security threat posed by unsecured hardware, however, two-thirds of the people surveyed said they were less likely to copy their financial information on a public digital photocopier. "I've not heard of any cases of ID theft [from photocopiers]," said Litan. "But there is certainly ID theft in public places like Internet cafes and from kiosks, so I don't see why it couldn't happen at someplace like a Kinko's." Sharp was one of the first photocopier makers to offer a security kit that encrypts data on the hard drive and "shreds" each copied document by overwriting the image after it's printed. Rival Xerox Corp. introduced similar features on its machines last year. "We've told enterprises that they should change the password from the default on copiers and [multi-function printers]," said Litan. "They should disable all services that they don't need, and make sure that the data modem is separate from the fax modem." http://www.kwtx.com/home/headlines/6492417.html Digital Copiers Could Pose Security Risks (March 14, 2007)--When you think of identity theft, you usually have the usual suspects in mind: junk e-mails, lost laptop computers and invasions of corporate data banks. But most people don't think in terms of danger coming from the use of newer versions of photocopiers. Many of the digital copies made in the past half-decade or so have disk drives, the same kinds that are found in computers. That means, say, if you make a copy of your tax return on that new, sharp-looking copier at work, the data could be retained. If the information isn't encrypted or the drive programmed to overwrite information, sensitive information could fall into the wrong hands. Sharp plans to issue a warning about photocopier security issues just as the tax season gets underway. http://australianit.news.com.au/articles/0,7204,21379396%5E15841%5E%5Enbv%5E,00.html
Copiers the new ID threat CONSUMERS are bombarded with warnings about identity theft. Publicized threats range from mailbox thieves and lost laptops to the higher-tech methods of email scams and corporate data invasions. Now, experts are warning that photocopiers could be a culprit as well. That's because most digital copiers manufactured in the past five years have disk drives to reproduce documents. As a result, the seemingly innocuous machines retain the data being scanned. If the data on the copier's disk aren't protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands. Some copier makers are now adding security features, but many of the digital machines already found in public venues or business offices are likely still open targets, said Ed McLaughlin, president of Sharp Document Solutions Company of America. "You actually have a better chance at winning 10 straight rolls of roulette than getting those hard drives on copiers rewritten," he said. Sharp plans to issue a warning about photocopier vulnerabilities this week. The company, one of the leading makers of photocopiers, commissioned a consumer survey that indicated more than half of Americans did not know copiers carried this data security risk. The telephone survey of 1005 adults, conducted in January, also showed that 55 per cent of Americans plan to make photocopies and printouts of their tax returns and related documents. Of that segment, half planned to make the copies outside their homes - at offices, libraries and copy shops. An additional 13 per cent said they planned to have their tax agents make copies. Although industry and security experts were unable to point to any known incidents of identity thieves using copiers to steal information, they said the potential was very real. "It is a valid concern and most people don't know about it," said Keith Kmetz, analyst at market researcher IDC. "Copying wasn't like this before." Paul DeMatteis, a security consultant and teacher at the John Jay College of Criminal Justice at the City University of New York said: "We know there are bad people out there. Just because this is difficult to detect doesn't mean it isn't being exploited." Daniel Katz-Braunschweig, a chief consultant at DataIXL, a business consulting firm, includes digital copiers among his list of data holes corporations should try to protect. He couldn't specify names but said a few of his company clients did learn about the vulnerability after their copiers were resold and the new owners - in good faith - notified them of the data residing on the disks. Sharp was among the first to begin offering, a few years ago, a security kit for its machines to encrypt and overwrite the images being scanned, so that data aren't stored on the hard disks indefinitely. Xerox said in October it would start making a similar security feature standard across all of its digital copiers. Randy Cusick, a technical marketing manager at Xerox, said many entities dealing with sensitive information, such as government agencies, financial institutions, and defence contractors, already have policies to make sure copier disks themselves or the data stored on them are secured or not unwittingly passed along in a machine resale. Smaller businesses and everyday consumers are less likely to know about the risk, but should, he said. Sharp recommends that consumers take precautions, such as asking their tax agents or the copy shops they are using about whether their copier machines have data security installed. http://www2.csoonline.com/blog_view.html?CID=32481 Mar 14, 2007 Photocopier Risk: The Next Wave of ID Theft Photocopiers are the newest threat to identity theft, a copier maker said today, because newer models equipped with hard drives record what’s been duplicated. At tax time, when Americans photocopy tax returns, confidential information may be easily available to criminals. "Consumers and business owners will photocopy highly confidential tax forms containing Social Security numbers, Employer Identification Numbers and other sensitive information in places outside the home, leaving them vulnerable to digital theft," Ed McLaughlin, president of Sharp Document Solutions of America, said in a statement. At issue are the hard drives embedded in most copiers and intelligent printers manufactured in the past five years. Data is stored on the drive before a document is copied or printed; unless security provisions are in place, the data is stored unencrypted and remains there until the drive is full and new data overwrites old. Sharp, a major copier maker, commissioned a survey that found 55 percent of Americans plan to photocopy or print out copies of their tax returns and supporting documents this year. And almost half of that number will do so outside the home, using copiers and intelligent printers at their offices or public machines at libraries and copy centers. "Everyone forgets that there’s data in there," said Avivah Litan, an analyst with Gartner. "Copiers and other intelligent devices like multifunction printers are very exposed in the enterprise. They’re open to attack via modems, and people forget about changing the default passwords." Sharp’s survey also indicated that 54 percent of those polled had no clue that digital photocopiers store an image of what’s duplicated, and that a majority believed running off returns on copiers or printers is a safe practice. When told of the security threat posed by unsecured hardware, however, two-thirds of the people surveyed said they were less likely to copy their financial information on a public digital photocopier. "I’ve not heard of any cases of ID theft [from photocopiers]," said Litan. "But there is certainly ID theft in public places like Internet cafes and from kiosks, so I don’t see why it couldn’t happen at someplace like a Kinko’s." Sharp was one of the first photocopier makers to offer a security kit that encrypts data on the hard drive and "shreds" each copied document by overwriting the image after it’s printed. Rival Xerox introduced similar features on its machines last year. "We’ve told enterprises that they should change the password from the default on copiers and [multi-function printers]," said Litan. "They should disable all services that they don’t need, and make sure that the data modem is separate from the fax modem." -Gregg Keizer, Computerworld |