homepage Welcome to WebmasterWorld Guest from 54.167.185.110
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

This 34 message thread spans 2 pages: 34 ( [1] 2 > >     
Copy Machines - Major Security Risk
pageoneresults




msg:4133523
 12:45 pm on May 16, 2010 (gmt 0)

This is a topic that is going to cause major concerns amongst many businesses. Not to mention those who have owned personal digital copiers and have discarded them not thinking about the security ramifications.

Did you know that most digital copiers produced since 2002 have a hard drive that stores images of ALL your copies, scans, emails, etc. processed by the machine? I didn't. I feel as though I've been violated in the worst sense from a privacy perspective.

Watch this video...

Copy Machines, a Security Risk?
2010-04-19 - [YouTube.com...]

Did the hair on your neck raise? Did you get goose bumps thinking of the implications? Did you hear at the end of the video where two full containers of used copiers were being shipped? They were going to unknown buyers in Argentina and Singapore.

If the Government doesn't step in and do something about this, I think we have a major challenge on our hands. You've got to watch the above video to fully understand the impact of this.

That one warehouse in New Jersey has 6,000 used copiers on the floor ready to be sold. Think of the numbers globally.

 

lawman




msg:4133533
 1:26 pm on May 16, 2010 (gmt 0)

Heard about that last week. Have a call in to my copier people to see how to wipe the drive.

kaled




msg:4133585
 3:48 pm on May 16, 2010 (gmt 0)

I am at a loss to understand why scanned images are saved - it serves no obvious purpose. If this story really takes off, I can see some juicy lawsuits resulting.

If I were a senior politician in government, I'd be looking for ways to prosecute copier companies and their officers under the Data Protection Act (UK) or anything else that might be applicable. I would not just be looking for fines I'd be looking for serious jail time.

Kaled.

jecasc




msg:4133603
 4:39 pm on May 16, 2010 (gmt 0)

I am at a loss to understand why scanned images are saved - it serves no obvious purpose.


The purpose is simple: To speed up the copying process. If you need 500 copies of one sheet it is a lot faster to take one picture of the page, safe it and then print it 500 times than to take 500 pictures for 500 copies. Also this allows various features for copiers, like automatically sorting copies, or scaling or printing multiple pages in reduced size on one page.

However even if the copies are stored I can think of no reason why the files could not be overwritten after a few minutes. And there is no way this costs 500$ to implement a basic security feature like this. Or they could store the files in non persistant storage devices where the data is lost when the machine is turned off.

And I would expect this information to be on the first page of the manual, and you could expect that companies or public authorities at least clear the harddrives before selling the machines. Or that used machine dealers do this before they resell them. However companies and administrations do not even wipe computer harddrives.

ken_b




msg:4133620
 5:11 pm on May 16, 2010 (gmt 0)

Man, that could have serious repercussions for businesses.

kaled




msg:4133621
 5:14 pm on May 16, 2010 (gmt 0)

If you need 500 copies of one sheet it is a lot faster to take one picture of the page

That's what RAM is for, indeed, in the case you have raised, the image will be cached in memory not the hard disk. Laser printing requires all image data to be immediately available, even a momentary pause from a hard disk could mess things up.

Kaled.

Robert Charlton




msg:4133643
 6:33 pm on May 16, 2010 (gmt 0)

Did the hair on your neck raise?


So far that it just lifted me off the ground.

If there wasn't a global trade in used hard drives from copiers, there is now. I'm about to send the YouTube link to my accountant for starters.

rocknbil




msg:4133644
 6:34 pm on May 16, 2010 (gmt 0)

A specialist in document and data destruction in my networking group brought this up months ago.

It's important to note this is **only** in higher quality printers that actually have a hard drive, most home desktop printers operate only from memory.

It's also only an issue when you have it serviced or discard the printer. There are services in place that will swap out the drive for you before you sell it and certify the destruction of the drive.

This is another topic covered by Red Flag Rules legislation [webmasterworld.com]. The core of this legislation is that you have procedures and policies in place that outline how you manage and destroy customer data and what your policy and plan is in the event of a breach - printers that retain data passed through them are electronic documents, they are included.

graeme_p




msg:4133739
 11:24 pm on May 16, 2010 (gmt 0)

I suspect governments rather favour this, very useful if you want to investigate someone.

Some printers also have anti-counterfeiting measures that have an impact on anonymity by encoding printer serial number, time of print, in tiny dots.

jsinger




msg:4133888
 9:53 am on May 17, 2010 (gmt 0)

The very first machine came from a police sex crimes division. How convenient is that for the investigative report!

HD storage is also useful for a company to see how their employees are misusing the machine.

"60% of Americans don't know copiers store images on a hard drive"
Eh? I would think that figure approaches 100%. This was news to me. Surely hope our CPA knows about it. Thanks for posting it.
IntegrityWebDev




msg:4134191
 7:06 pm on May 17, 2010 (gmt 0)

I saw this....crazy! I didn't know it.

chewy




msg:4134267
 9:28 pm on May 17, 2010 (gmt 0)

Nothing stored in my copier.

I have an old-school one.

tangor




msg:4134288
 9:46 pm on May 17, 2010 (gmt 0)

Looks like a new biz model for IT folks... data destruction.

LifeinAsia




msg:4134291
 9:55 pm on May 17, 2010 (gmt 0)

New? They've been around for years. See this shredder [youtube.com].

Demaestro




msg:4134306
 10:04 pm on May 17, 2010 (gmt 0)

There are many good reasons to store print jobs in memory. We just got an uber printer about 6 months back and it has 250 gig HD in it. Just the other day, weeks after printing 100 brochures we needed a few more. I pulled up my print history, using the beautiful thumbnails I saw the brochure I wanted and clicked print.

I didn't have to pull the file from my computer, I could have queued up that print job from home and printed it for someone to pull off the tray if I wanted.

I love my printers memory.

I am honestly more shocked to hear that people would toss them not thinking that there is data stored on it then I am to hear they store data. For crying out loud my crappy, cheap Fax machine from 6 years ago stores faxes in memory, my toaster and alram clock store memory, how can you not see that your copier most likely does too.

Don't bother trying to wipe memory if you are tossing one, just remove the storage device and keep it. No need to toss good hard drives.

kaled




msg:4134376
 12:21 am on May 18, 2010 (gmt 0)

Did your printer come with a sticker on it that said "Not suitable for use in schools, hospitals, government or anywhere where data is considered confidential"?

Kaled.

rocknbil




msg:4134455
 3:35 am on May 18, 2010 (gmt 0)

They've been around for years.


As has been the problem with improper destruction of sensitive data. This is really what the Red Flags ruling is all about. This deal with the hard drives is just another aspect of a problem that has been going on for years.

I was talking with the shred guy from our networking group today, he said there are at least three schools in our area that still think "regular recycling is just fine, thank you." We're talking about paper . . . who cares what goes on inside those wonderful boxes that let us play Solitaire at work.

He gave a presentation a month or two ago with similar footage, the types of HD shredders in that video are considered inferior in his industry. His machines don't just chew up the HD's, they grind them to dust. His claim is those little bits at the end of the video can be reassembled by the truly determined, I find it hard to believe but . . . . you know. :-) When it's done you get a certificate of destruction.

"Want to find out what your competition is up to? Just dig through their trash."

kaled




msg:4134600
 10:44 am on May 18, 2010 (gmt 0)

Unless you work for the intelligence services, a big hammer is plenty good enough to destroy a hard drive. However, proper wiping with random data (two passes) will render all data unrecoverable and is more environmentally friendly.

Kaled.

BillyS




msg:4134628
 12:08 pm on May 18, 2010 (gmt 0)

About three years ago our company instituted the security Sharp has in their machines - I think it encrypts the data then does some kind of erase once the job is done. Still, the data is probably recoverable... I suspect that as long as there are a lot of unprotected data out there a thief would rather look elsewhere.

J_RaD




msg:4134668
 1:38 pm on May 18, 2010 (gmt 0)


There are many good reasons to store print jobs in memory. We just got an uber printer about 6 months back and it has 250 gig HD in it. Just the other day, weeks after printing 100 brochures we needed a few more. I pulled up my print history, using the beautiful thumbnails I saw the brochure I wanted and clicked print


this isn't about you telling your copier to store a print job so you can print it later at ease. Its about your copier storing everything you place on the glass if you ask for it or not.

incrediBILL




msg:4134687
 1:57 pm on May 18, 2010 (gmt 0)

I suspect governments rather favour this, very useful if you want to investigate someone.


Unless it's government secrets leaking out via the copier repairman ;)

jsinger




msg:4134754
 4:07 pm on May 18, 2010 (gmt 0)

And how does one know their particular copier has a HD?

Our cheapie Brother copier cost about $600 5 years ago. Am I supposed to rip it apart looking for something that looks like a conventional HD?

Demaestro




msg:4134760
 4:16 pm on May 18, 2010 (gmt 0)

Am I supposed to rip it apart looking for something that looks like a conventional HD?


I would try doing an Internet search for the model number and check out the hardware specs.

pageoneresults




msg:4134776
 4:48 pm on May 18, 2010 (gmt 0)

And how does one know their particular copier has a HD?

I would try doing an Internet search for the model number and check out the hardware specs.


As soon as you posted that, parts of the world lit up. Now that is going to be a booming business model. First one to market wins! :)

Color7




msg:4134818
 6:02 pm on May 18, 2010 (gmt 0)

I'm surprised this hasn't been a mainstream issue yet. I worked in a print shop for a while. You would be VERY surprised what you can dig off of the hard drives there. Be careful next time you duplicate anything on a public copier.

jsinger




msg:4134833
 6:25 pm on May 18, 2010 (gmt 0)

Be careful next time you duplicate anything on a public copier.

Years ago people would line up on April 14th to make copies on the public machines they used to have in grocery stores.
--
Easy to learn if a copier has a HD; much harder to determine with certainty that it doesn't. I tried with mine. A clear public warning should be required on the outside of any public machine. Which is to say public machines will become history as revenue plummets.

tangor




msg:4134877
 7:42 pm on May 18, 2010 (gmt 0)

Want the last chuckle? Look at the the copiers in public libraries. All kinds of violations (cleaned one up for a local small town library surrounded by a really big town). As I said previous, new biz in data destruction... and I'm not talking shredding hard drives... just the data on those so the machines keep running... and streaming work (copies) bypassing the hard drive (new code). Enough hints (been doing this for three years). Stop. Think. Copiers everywhere. Revenue stream. Privacy. Data protection. Etc. These daze (sic) $75/hr, one hr min, in out 20 minutes. Better than adsense...

Does require gasoline/diesel to get from here to there but that's a cost of biz write off.

inbound




msg:4135241
 11:31 am on May 19, 2010 (gmt 0)

A bigger concern than purchasing random copiers from warehouses is the theft to order of copiers from prime targets. It doesn't even have to be that difficult, you could pose as a maintenance guy if you are really brave - a good percentage of office staff would not question an "annual service" or a replacement machine being delivered.

Be afraid...

jsinger




msg:4135338
 2:57 pm on May 19, 2010 (gmt 0)

No need to swipe the whole very heavy machine which would be missed immediately.

How long would it take a tech to switch HDs from one of those machines? Or an employee or temp working late could download the HD. No one would ever know.

Wonder how many copier repair places are actually owned by the IRS/FBI/Chinese government?

I think I'll open a repair company in Washington, claim to do lots of government work and sell the company to the highest bidder... China, Russia, Middle East! This whole thing really bothers me and I'm certainly no privacy nut.

pageoneresults




msg:4135406
 4:16 pm on May 19, 2010 (gmt 0)

This whole thing really bothers me and I'm certainly no privacy nut.


I kind of gave up on the privacy thing once I came online. All you can do is take preventive measures to maintain some form of privacy which can be very difficult to do for some, myself included.

But, this is something that it appears few of us have given much thought too. Including that warehouse in New Jersey who is shipping containers of used copiers to unknown buyers in Argentina and Singapore, there should be criminal charges filed against the folks involved with this.

According to the video, it takes about 30 minutes to remove the hard drive. I wonder how many HDs have been covertly replaced over the years only to turn up in the hands of a miscreant?

We're to blame too. Since I first posted this topic, I've sent out emails to select people in my network alerting them to the issue. Not a single one of them knew about an HD in their commercial copiers. These are business owners so it may be safe to say that the person responsible for the equipment is aware of best practices security measures. Ya, imagine that. :(

Aren't most copiers, and the hard drives within, made in China?

This 34 message thread spans 2 pages: 34 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved