Digital Photocopiers Loaded With Secrets -- CBS News

veritas_libertas

Digital Photocopiers Loaded With Secrets - CBS Evening News - CBS News

tiersten

Not too suprising. The MFPs at work have a big HD in them that spools your jobs and also stores them there if you want the print-only-when-I-turn-up option.

The Toshiba MFPs we have run some sort of Samba server on the network interface so I wouldn't be too surprised if it ran Linux in there somewhere. This means that the HD will most probably be a common Linux filesystem so snagging printed files that are still queued and deleted files isn't going to be difficult.

If you're truely paranoid then you actually take the HD and drums out of laser printers before selling or junking. You're able to recover a portion of the last printed page from the drum usually.

Paul Boz

I saw this on the SANS forensic twitter page yesterday. A bigger threat to people are the unnecessary or vulnerable services running on these out of the box. Like tiersten said, these devices often scan and store documents. The units that do faxing are almost always guaranteed to have sensitive data on them. By leaving anonymous FTP, SNMP w/ default strings, and other services available, anyone on the network can take this data or use the device as an anonymous share.