Digital Photocopiers Loaded With Secrets

skids writes 'File this under "no, really?" CBS news catches up with the fact that photocopiers, whether networked or not, tend to have a much longer memory these days. When they eventually get tossed, few companies bother to scrub them. Couple this with the tendency of older employees to consider hard-copy to be "secure," and your most protected secrets may be shipped directly to information resellers — no hacking required. "The day we visited the New Jersey warehouse, two shipping containers packed with used copiers were headed overseas — loaded with secrets on their way to unknown buyers in Argentina and Singapore."'

No problem

[eln]

I always take care to disguise my ass before photocopying it. You can never be too careful these days.

Re:No problem

[Darkman, Walkin Dude]

If you get the moustache just right you can do a passable Mr Potato Head.

Re:No problem

[Monkeedude1212]

I somehow knew this topic would be the butt of every joke.

Re:

[interkin3tic]

Taco really was assking for it with the "office-party-bums dept" bit.

Re:

[Abstrackt]

I somehow knew this topic would be the butt of every joke.

Only the cheeky ones.

Re:

[Scarletdown]

I always take care to disguise my ass before photocopying it.

Well in my day...

"People wrote books and movies, movies that had stories so you cared whose ass it was and why it was farting. And I believe that time can come again!"

Re:

[Hoi Polloi]

It was your butt? That explains why one image filled the whole copier hard drive.

Re:

[KC7JHO]

Ya, just imagine if the oil companies ever get wind of it ....

Thats supposed to be obvious?

[EricX2]

I never would have guessed the copy stayed in memory on the device. When I copy, scan to email or, scan to file it doesn't give me the option to 'scan again without reinserting original'... or does that imply the ones we have don't have this 'feature'?

Re:Thats supposed to be obvious?

[fuzzyfuzzyfungus]

It depends on the calibre of the device. Your basic deskside all-in-one isn't much of a risk. The real cheap seats might only have enough onboard storage to show up on the USB bus and have their firmware blob dumped to them by the driver.

Many of the nicer models, though, have an internal HDD, often with a webserver, to support use cases like "scan, retrieve document through web interface" or "receive and store faxes without printing them all". Those are the ones you have to watch out for.

Given that most printer manufacturers can't seem to design UIs that aren't exercises in pain, it may or may not be obvious based on using the device how much storing it is doing.

Re:

[Em Emalb]

that and a lot of them these days have email capabilities (scan and email) so you get the directory full of usernames and email addresses. We actually barely remembered in time to do this when we shipped back a bunch of dell all in ones after their lease was up.

Re:

[xOneca]

Your basic deskside all-in-one isn't much of a risk.

You mean cheap all-in-one are more secure than expensive ones? I wouldn't say that if it wasn't for this article...

Seems one more thing to have in mind when buying a printer...

Re:Thats supposed to be obvious?

[Jaysyn]

Security thru lack of features, maybe.

Re:Thats supposed to be obvious?

[wjousts]

In the same way that a wall is more secure than a door. It has less features to start with.

Re:

[Kral_Blbec]

I used to work in a print shop with some really nice machines. None of them had a function to reprint a previously printed document from the main display. The one I used the most had a 120gb drive in it that I could access, but I couldn't print from there either. I could view the queue of what had been previously printed by document type/name, but I couldn't actually print or view it. It also had a display of how full it was, and the only time I ever saw it fill up was when I was printing a large raw file (

Re:

[tagno25]

but that is a setting that has to be enabled to work, and even then the files (and possibly file system) are encrypted for that device.

Re:

[coolsnowmen]

...the files (and possibly file system) are encrypted for that device.

You know this to be true? out of curiosity, what brands?

Admin rights required!!

[IrishHammo]

Even nicer, I remember a few years ago I needed to scan the work permit in my passport for HR. So I went to the photocopier, did a scan to storage, and from my desktop retrieved from the photocopier storage and emailed. Job done I went to delete my passport from the photocopier storage. No Dice, windows admin rights required, and when I asked a windows admin to delete it for me (and the other 8 confidential documents sitting there with full read access) I got a very blank look.

Re:

[ElectricTurtle]

It's supposed to be obvious when your giant MFP has a goddamn HARD DRIVE in it, and I've seen many that do.

Not being able to go from email to file on the same image(s) is just bad interface design that assumes you want to do only one thing with the document. Whether it's still in memory or not depends of course on the design of the MFP's platform. The large memory capacity in terms of both flash and magnetic media is mostly for balancing high resolution input from multiple sources in a network environment

Re:

[interkin3tic]

It's supposed to be obvious when your giant MFP has a goddamn HARD DRIVE in it, and I've seen many that do.

See, I don't even know what an MFP is, so whether or not mine has a hard drive in it is really not obvious to me or my coworkers at the buffalo police office sex crimes division.

(For those of you who didn't RTFA, the "buffalo police office sex crimes division" was a humorous reference to the article. You missed out on that very funny joke. That'll learn you to not RTFA.)

Re:Thats supposed to be obvious?

[YttriumOxide]

I never would have guessed the copy stayed in memory on the device.
When I copy, scan to email or, scan to file it doesn't give me the option to 'scan again without reinserting original'... or does that imply the ones we have don't have this 'feature'?

Generally it doesn't. Many devices have the ability to store at the same time as copy, however it's a feature you generally have to explicitly choose (unless enabled as a security mechanism by the device administrator). Some devices also have the option to keep the last job in memory (however not permanent storage such as HDD) in order for a "fast reprint" or "fast resend", but it's not a common feature, so I wouldn't be too surprised that the ones you're using don't have it.

A far more pressing concern than memory is the permanent storage. Most devices these days have an HDD that will store data for various purposes. Actual images of copy/print/scan jobs are only rarely stored, and usually only when explicitly set to do so (as above), however user data information in the form of job logs, counter information, credit information (for embedded accounting applications) and so on can be quite a concern. Most decent devices will however have a "secure erase" feature to be used by the administrator before disposing of the device, and often also an option whereby data going through HDD and RAM is encrypted on the way in/out (except of course actual operating code - but that doesn't contain YOUR sensitive data, only the manufacturers...).

To all: Feel free to ask for clarification on anything copier/MFP related... writing code for these things is my day job. Many things in the article are half-truths and some are just flat out wrong.

Re:

[YttriumOxide]

Sadly true... Well, true that I don't do the UI (our marketing guys don't either... we actually have a dedicated team for UI design, and they constantly make me cringe)

Re:Other Copier Security Risks

[YttriumOxide]

Yes, both of those are pretty much "open secrets". Here's some details:

color copiers can detect certain unique features of currency, and will refuse to copy a document that has those features.

The currency detection routines are pretty much hardcoded in the image processing ASICs are NOT a part of the copier firmware that gets flashed in a routine firmware upgrade. This means that in general it's not easily updated for new currencies (although can be in some cases where image processing boards are physically replaced). It also means it's incredibly hard to bypass and extraordinarily annoying when it misdetects something.
Most devices will block out ALL further output if a certain number of detections are made in a row. This however is generally just a flag in the nonvolatile RAM which a service technician can then clear from the device's service mode. The legal proceedings for doing so differ by country (in most of Europe for example, there's no specific law, and the techs just do it as a matter of course without any special procedures. In Australia, they're required to contact their head office who will then contact the appropriate government agency before the technician may clear that bit. I don't know about the US though sorry.).
In some poorly designed devices, you can work around the currency detection by bypassing the image processing. This would be done by getting data in to the MFP in the raw raster format that the MFP uses (essentially the format that print/scan/copy jobs are processed as internally before being output on paper or as a scan job) and then getting the MFP to print that directly. The exact method would vary by MFP, but if the MFP has a "box" function where data is stored in user specific folders on the MFP's HDD, then copying the raster data in there would probably do the trick for many device types. I can say from my own work that this will NOT work on all devices though as the devices I work with don't allow raster data to be printed directly from any storage source - all user data on the HDD must be either "image" (PNG, JPG, TIFF, etc) or print data (PCL, PS, PDF, XPS, etc) format, or it will be ignored and deleted during the internal security processing of the firmware (and data coming in from external won't even make it to image processing if it doesn't match a valid type).

color printers put a virtually invisible unique pattern of tiny yellow dots on every sheet they print, so that the sheet can be traced back to its owner.

The yellow dots will match to the manufacturer, model and serial number. It's up to the local laws of the country to determine if the government has the right to request the manufacturer to store and divulge that information. It's also worth noting that in many models (almost every model from every manufacturer, but not ALL) the serial number is electronically entered during the MFP's "run up" (initial factory setup) and so CAN be altered in the case of someone wanting to avoid being tracked simply by clearing the nonvolatile RAM (making it believe it's "factory fresh" again) and then following the service procedures for running the device up. The process is basically impossible to know without the appropriate documentation though, as it's deliberately esoteric and weird (things such as "enter the date, then the serial number, then go back to the date screen, then press OK, otherwise it won't accept the serial number" (note: not a real example)) as a kind of security through obscurity on top of the requisite knowledge to do this sort of thing. A copier technician under normal circumstances doesn't get told about the yellow dots, although we don't really keep it secret from them - just don't specifically tell them. So, I'd say most of them do know about them, but don't know the finer details such as that the electronic serial number is a part of it... If they did know this, then yes, they most certainly COULD take any MFP they know how to service and change the serial nu

true story

[cinnamon colbert]

many years ago, in the ages of DOS 4.0 and so forth, we had a hewlett packard laser jet, which we thought pretty slick, that connected with a huge fat parallel port cable. One day, I unplug the printer and hook it up to another PC, which, children, in those far off days was quite an adventure in drivers (this was before you could download drivers off the web.....almost pre historic) While, I send some print jobs, say job1, job2.... to the printer, some of which print and some of which vanish, but, eventually, I get all the printouts I need and hook the laserjet back to its orignal computer. A month or two later, printjob2 popped out of the printer. snce the software for this was not installed on the pc the printer was hooked up tow, the job must have sat in the printer all that time (this is long before any "wireless" was available - it would be 2 or 3 years later that the marvel of 802.11A came along)

Re:true story

[EdIII]

I just had this wonderful image of you in a lawn chair, pants up to your nipples, with a bunch of little tykes sitting attentively on your lawn while you waxed nostalgic about the days of the parallel port, the Internet being a bunch of BBS's, and having to enter in the heads and cylinders of your hard drive into CMOS. When CPUs had numbers and not fancy marketing names given to them by Nancy boys with MBA's and real men used punch cards....

*sniff*

I got to call my Gramps, brb

Re:Thats supposed to be obvious?

[drooling-dog]

Well, the original submission says,

Coupled with the tendency of older employees to consider hard-copy to be "secure"...

...so it looks like this is only a problem for the geezers; after all, digital photocopiers are like magic to them. There's virtually no chance that any of the savvy young hipsters in your organization could fail to be aware of this threat.

Re:

[Lennie]

I think what is happening is, the operating system of the printer (which I hear in some cases is Linux ?) works like most operating systems when deleting a file. It just removes the directory entry. So the file-data is still on the disk, but it has no name or length, isn't connected to a directory and parts could be scattered all over the disk.

S/N

[paiute]

If they are anything like our photocopiers, the criminals will have to wade through a sea of lolcats and fail posters to get to any actual business information.

Re:S/N

[interkin3tic]

the criminals will have to wade through a sea of lolcats and fail posters to get to any actual business information

Unless they find a way to make the text searcheable and just search for "social security number" or "credit card number" and look at what's written right next to it. And while I don't know how to do that personally, it seems like the type of thing that would take about 10 minutes to figure out and then another 10 minutes to actually do.

Re:

[adonoman]

Interestingly, there are OCR engines that are specifically designed for searching text. If you are OCRing to get text output, you need to make a decision on the final result for each character (often getting e and c or L, l, 1, ! and | mixed up). The search oriented OCR can maintain ambiguous interpretations and allow much more complete searches (trading fewer false negatives for potentially more false positives). The one I'm thinking of offhand is OneNote's image handling - you drop an image into the no

Re:

[interkin3tic]

I bet it wouldn't have taken you that long to figure out.

I don't know, I'm very easily dist- whoa, a butterfly!

Why?

[kabloom]

Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

Re:

[spire3661]

Pretty much since hard drives were cheap enough to mate up with their digitizers.

Re:

[NeoSkandranon]

Because as I understand it really fancy copiers are also document repositories of sorts, with a web interface to retrieve faxes and scans, and so on.

Not saying it's a good idea, but it's an extension of the "multifunction machine" that copiers have become anyway

Re:

[socsoc]

Could you please photocopy that post without specifying the monospace font? It's messing up my digitizer scripts and I won't be able to have a copy of everything ever posted in the thread.

Re:

[Z34107]

It depends on the model, but a lot of features need long-term storage. Things like "secure" printing, where you have to type in a PIN before it will release our document.

Other features like "print from the web interface" or "print from e-mail" (running on a server on the printer itself) need storage. Keeping a history can also make management easier - some people use it to keep track of who is using company printers for personal use.

Re:Why?

[SoTerrified]

Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

In the old days, if you wanted 5 copies of a sheet of paper, the scanner would scan 5 times. Then someone thought "Hey, what if we could save the scanned image?" So you could scan once, and print out 5 copies. The easiest method is just to toss in a hard drive, and store the copies on there. Now, copying a variable number of pages, then erasing them immediately is extra wear and tear on the HD. You can get a longer drive life by distribute the data all over the HD so it's easily written, then only overwrite when the entire HD was full.

Pretty simple, really. The only downside is that the HD inside contains the last items scanned, up to the memory of the device. (So while it doesn't keep a copy of "everything ever copied", it could easily be the last several thousand items copied.)

Re:

[iamhassi]

" Now, copying a variable number of pages, then erasing them immediately is extra wear and tear on the HD."

Sure that makes sense, but why the long-term storage? Why does it store the copies from 6 months ago? Shouldn't it go through every week wipe anything over a week old?

Of course that's not perfect, there's still going to be that final week on there, but at least no one will be "downloading tens of thousands of documents" from a photocopy machine like they did.

Also shouldn't the manufacture's

Re:

[The Wooden Badger]

Keeping a copy for 6 months is more of a function of the office workload. The manufacturer makes the available memory really high so that it isn't going to be "broken" by really high workloads. If an office manager gets a pimp photocopier only to be used for a few copies a day, that is on the office manager.

Re:

[Red Flayer]

Also shouldn't the manufacture's be responsible for this somewhat? It's obvious when you save a document to a computer that the drive needs to be wiped, not so obvious when it's a copy machine. Shouldn't there be big warning labels and a "wipe all" button on the back somewhere? Sharp apparently offers a product to wipe copy machine hard drives.... for $500:

I worked for a company a few years ago where one of the things I did was to oversee all leases and support contracts, including copier leases. Our supp

Re:Why?

[mlts]

Every HDD out there, as part of the ATA standard, supports a secure erase command. The utility HDDErase is one such tool which tells a drive to erase itself. And since this is done at the drive level, it is a lot faster than a dd if=/dev/zero of=/dev/sdwhatever because there is no data having to be moved through the drive's I/O channels, the drive head is just writing the zeroes itself. Some drives AES-256 all the contents automatically, and a secure wipe tells the drive just to drop the existing key it uses for encrypting/decrypting data, and generate another one. This is a lot faster because once the old key is erased and a new key is put in, the remaining data on the disk is useless.

Another method is to do a file encryption method similar to how Windows Mobile post 6.0 stores encrypted files on a memory card: Generate a random 256 bit key for every item going on the HDD. Store the key to every file in the copier RAM (unless there is a reason to have persistent storage, then store it on some non-volatile memory that is easily erased.) Then when done with the copy and the data on disk isn't needed, drop the key from RAM (perhaps overwrite it in RAM a few times), and delete from the disks's filesystem. Since the encryption key only persists in volatile RAM for the lifetime of using the file, this method makes it almost impossible to recover data, unless someone is attacking the copier while it is live and in use (which then there are even bigger problems.)

Re:

[Obfuscant]

That would be extra wear and tear, what's wrong with just overwriting data when the HD is full?

I think we've pretty much covered "what's wrong" already. CBS did a story on it. We've been discussing it in this thread.

So shredding the file you've just printed out is a little more wear and tear on the disk. These were LEASED copy machines that are under maintenance agreements. Charge $100 more per year for maintenance and replace the disk when it fails, and do the right thing by shredding data that isn't in

Re:

[YttriumOxide]

Agreed, and in reality this is how it's done. Adding the HDD is NOT for storing temp copies of current job data - RAM is used for that. The HDD is used when RAM is full (essentially, swap), and for anything DESIGNATED as being longer term storage.

Re:

[Cassini2]

Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

The copiers scan the originals into memory, and then print from memory. It allows them to print 5 copies of a 100 page document, all perfectly collated. The long term storage is a side effect.

Having a hard drive also enables new features, like network printing to the photocopier, and network scanning. These command a significant price premium with minimal hardware cost. As such, the photoc

Re:

[Corporate Drone]

Why did they start designing copy machines to have long term storage, and to keep a copy of everything ever copied?

The news report is being sensationalist, and leading you to believe that it's keeping the data. Listen to the report again: they use a forensic program to get at the files. In other words, unless you tell the device to save the image, it's deleted. (The catch is that "deleted" means "entry deleted", not "file wiped off the drive".)

In other words, companies aren't wiping the hard drives of leased copiers. (Then again, are companies wiping the drives of leased PCs? Of PCs they owned, then threw away?)

S

Re:

[T-Bone-T]

I think you missed the part where it said,"...available for free on the Internet..." Anybody can get the program.

Re:

[an unsound mind]

And that is not the blindingly obvious how?

Re:

[T-Bone-T]

I don't know what you mean.

Re:

[CAIMLAS]

It probably comes down to cost.

If a printer has a 22ppm rate and has 64MB of RAM, you're not going to be able to print more than one or two larger print jobs at a time - particularly if they're RAW jobs. You'll need a print server for that, and you'll have a significant bottleneck before getting to the printer/the printer accepts the job. This leads to user agitation.

So, while 128MB costs $100 (at the time), a 40G disk costs roughly the same amount - and you can cache to disk with marginal overhead and prov

Re:

[Locke2005]

When somebody decided it might be faster to print 100 copies of a full-color 100 page report without downloading the entire thing to the printer 100 times...

This is more a problem with multifunction machines, i.e. our copier/printer/fax at work keeps all received faxes and scanned images on a network mapped drive until explicitly deleted. That's only a problem if your admin fails to clear the HDD before surplussing the machine, but most of these are leased from a 3rd party who doesn't give a shit about yo

No one will bother

[GigsVT]

No one is going to sort through millions of pointless memos about employee picnics and birthday party announcements on the off chance that there's something potentially valuable to someone somewhere.

Re:No one will bother

[rhsanborn]

No one is going to go dumpster diving and digging through reams of discarded employee picnic announcements just to try and find some corporate secrets, wait... shoot.

Ok, let's try this again. No one is going to go through piles of keylogger data most of which is filled with lols and a\s\l?s to try and find a persons banking credentials, wait ... frick.

No one will do it, except the people that do. There is a buck to be made, people will do it.

Re:

[bdsesq]

No one is going to sort through millions of pointless memos about employee picnics and birthday party announcements on the off chance that there's something potentially valuable to someone somewhere.

Want to bet? Oh, that's right you already are betting. If no one goes through your copier data you win -- nothing. If someone finds a password or credit card number you lose -- big time.

So nothing to gain and everything to lose. Sounds like wiping the copier disk is a "must do"!

Re:

[natehoy]

Personally, I think finding the drive/memory and smashing the shit out of it would be cheaper and more effective. Shame that the photocopier can't be reused, but spending $500 to wipe a photocopier that you can sell for $300 isn't very efficient either. Recycle the parts, and give $300 to a charity so they can buy a used photocopier from someone else.

Re:

[GigsVT]

If you are making photocopies of a sheet with your password on it, you have way bigger security issues to worry about.

Re:

[Kral_Blbec]

Yup, because OCR would take too long and they would never think of that. If it kept printouts and not just copies (and many copy machines can also function as a printer) it would be very quick and accurate to OCR everything on a drive and do a text search for S/N

Re:No one will bother

[_Sprocket_]

Data is valuable. Labor is cheap.

Re:

[natehoy]

Your statement is an example of "security through obscurity" or "hiding in plain sight". That model of security was already disproved long ago. And, by "long ago", I'm referring to thousands of years, not weeks. It not only predates the invention of the photocopier, it predates the invention of paper. It probably even predates the concept of walking upright.

Hiding important things in an ocean of unimportant things means that someone can still get at the important things if they try hard enough, or are a

Re:

[GigsVT]

I didn't say it was secure, just that no one will bother.

Re:

[Hatta]

Do you have any idea how much electronic waste gets sent to Africa? Do you have any idea what the economy there is like? Do you have any idea how much identity theft originates from Africa? These are people with very few legitimate options, and a very low risk to reward ratio for the illegtimate options.

Re:

[rubycodez]

sure they will, there are those who go through entire dumpsters looking for valuable papers

and your stereotype is silly, such "pointless memos" are done via e-mail, copiers mostly do business papers

Re:

[geekoid]

That is not a trivial matter. I mean, when I did printer software, every model would need to have a different script. For example The HP Laser III would need a different script then the HOP laser IIIA. And from all out word appearances, the models were identical. In fact, with the exception of the printer codes, they were the same and would be sold as the same HP Laser III.

Yes, that's correct, you could have two printers that looked identical, behaved Identical, but had different printer codes.

Add tot hat,

Re:

[logjon]

It took Juntunen just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program available for free on the Internet, he ran a scan - downloading tens of thousands of documents in less than 12 hours. rtfa

Re:

[skids]

What you do is suck in the raw data and search for chunks in known formats. The PS and PDF can mostly just be text searched, bitmap OCR is extremely easy to automate if all you want is a raw text dump and do not care too much about the occasional column-interleave scramble.

The point is you aren't looking to do a thorough scan, just enough of a scan to find some of the interesting things. If you let some interesting things slip through your fingers, that's no big loss, there are plenty more hard drives whe

Re:

[logjon]

It's really not. Command line OCR is a reality, and anything with a command line interface makes for easy scripting.

Re:

[mikael_j]

Don't forget that most of these machines are also printers, and most office workers print a lot more than they copy.

Secrets

[Z34107]

I'm not surprised - there are all sorts of nifty things mere "copiers" do. They can store documents forever, especially "secure" ones that you have to release with a PIN. They provide network services - some include (hackable!) FTP servers.

HPs printers support SNMP, but usually in the most insecure method possible. One of the simpler things you can do (Google it, perhaps not using SNMP) is remotely change the LCD text and blink the status lights. I wrote a script that would make all the HP printers on campus flash an animated ASCII Kirby dance.

Print servers are just that - servers. But, they look like copiers, so they get thrown out with secrets.

Re:Secrets

[zill]

I wrote a script that would make all the HP printers on campus flash an animated ASCII Kirby dance.

Travis! You finally made a slip of tongue. Us sysadmins has been hunting the culprit for years now and now we finally got you!

Re:Secrets

[Lumpy]

My favorite was to change the language file and make "ready" be "insert coin"...

Re:

[adenied]

Years ago (circa 1999 I guess) I discovered that many of the campus printers at my university were wide open to telnet. One could log in to any of them without a password and change multiple settings. I worked for one of the departments that had a lot of computers that we administered so ours were pretty locked down. But most departments relied on the campus-wide organization for pretty much everything. I e-mailed their security people about the problem and pretty much got blown off with "we don't think it

Some people don't listen

[bfmorgan]

I have pointed this out to my company's computer security guy and his response was, "I don't worry about copiers, that is a human resource issue". I have sent him this story. Maybe that will get him worried. Oh, and I cc'd the CEO.

Re:Some people don't listen

[Red Flayer]

Why didn't you email the local head of HR? The guy told you who is responsible...

Instead now you have a situation where you're calling someone out on something that is not their responsibility... that's not the nicest (or most effective!) way of handling it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Kozz]

So you're eager to tangle with both HR and the CEO? Around here that's a sign that you hate your job.

From the article

[Itninja]

Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine.

Having worked in the digital industry up until 2007 I can tell you, that is a laughably inaccurate statement. We had half a dozen industrial-class copiers, all from 2004 or newer. The only one with a 'hard drive' in it was the high end color copier/printer; and we had to specifically add that option. I think it would be accurate to say that nearly all digital copiers might be configured to use a hard drive, though many are external and often separated from the device when it's sold.

Re:

[geekoid]

"digital industry"?

what? you carved atoms into bits for a living?

Re:

[Itninja]

Meant to type 'digital printing industry'. :/

Re:

[Itninja]

Indeed. But even storage used by the machine would required some physical presence. Having torn these machine down to almost the bare frame on more than one occasion, if there's a hard drive in there, it's invisible. Maybe some flash memory on the board somewhere, but I doubt it could store more than the last 100 pages or so....

Re:

[kriston]

Thanks for your post. I thought it laughingly idiotic to assume that so many of these devices have hard drives in them to begin with. I guess it wouldn't have made the local public-interest story on so many radio stations this morning if they didn't say that.

Re:

[michaelwv]

And I suppose that's really the distinction. If you asked people, "does the copier right now have a copy of that page you just copied?" that might not be surprised by that, but "does the copier right now have a copy of that page you copied last year?" they would be, and the difference comes down to how much storage and whether or not you have persistent storage.

that's an interesting bank statement, mr salesman

[wfmcwalter]

My company recently bought a used copier/scanner/printer, which had supposedly been reconditioned and cleaned. It included a "document server" feature, whereby jobs could be scanned to its internal disk (or print jobs could be stored in the printer for later printing). The salesman who sold it to us had helpfully left scans of his current account statement in the document server, together with some placating letters to other customers. After thinking about what uses we'd actually have, I decided just to turn the document server feature off for everyone. I did leave the deferred-jobs part on (as it's useful when someone is printing on weird stock or printing something confidential) - thus ensuring that anything left on the copier (the company is now defunct, the copier presumably resold) is guaranteed to be juicy.

Re:

[ae1294]

The salesman who sold it to us had helpfully left scans of his current account statement in the document server ... After thinking about what uses we'd actually have, I decided ... it's useful ... printing something confidential ... thus ensuring that ... (the company is now defunct)

Hummm... that must have been a really awesome hookers and blow party your company had!

new feature idea...

[Stewie241]

Isn't there a spec for deleting data? Seems it would be a good selling feature and cheap to implement a system in the BIOS of all PCs and any device that has a hard drive a way to securely delete all data. This would make it much easier to get rid of old equipment without having to worry about what data is left.

Sensationalize much?

[geekoid]

Yes, are secrets ar in da printed memory...oh noes!

What are the odds that any printer happens to have some damming secret in it that's being reomoved? Is it worth going there avery single decommissioned printer to find it?

No.

Re:

[Amouth]

Every? yea that would be a waist.. but you know if you showed me different copiers - i could tell you roughly what each one would be used for (aka the departments) and if you could get any of the back history of the last lease.. that is when you start targeting companies or government groups for specific info.. and that my friend is where you start getting info that can make you money.

even where i work - i know of 1 copier that gets used for a couple random things BUT it is also the one the book keeper

Re:

[sjames]

That depends. They tend to get shipped to cheap labor countries to get stripped and buried where the environmental and workplace safety laws are non-existent. It might be worth the cost of labor THERE.

In the U.S., it might be a good way to employ a few meth heads. They tend to be hyper-focused, love doing dull repetitive work, and don't really want to talk to authorities about anything like being paid less than minimum wage or what their urine test might reveal. Since legitimate work that they can do while

They aren't really files--it's raw data

[kriston]

They aren't really finding files. The files, of course, are marked for deletion and are deleted with the data left behind in unallocated sectors. What they're doing is using forensic tools to take this raw data off the hard drive and re-assemble it into files, something well-known about computers. The point of the story is that nobody knows it's true about many digital copiers, too.

As for the $500 device to wipe the drive, this device is expensive because it's a little computer that does a "wipe" of the

Re:

[LanMan04]

As for the $500 device to wipe the drive, this device is expensive because it's a little computer that does a "wipe" of the hard drive data to FIPS 142-2 and NIST 800-88 4 standards.

Well, after putting the drive through that it won't be usable by the copier anymore (unless copier will accept and format any plain-Jane drive, but I seriously doubt that), so why not just get DBAN's Boot N Nuke and be done with it? Or a hammer? Or a gun? Most of those cost less than $500 and meet the same security standards.

http://www.dban.org/download [dban.org]
http://www.dban.org/faq/software [dban.org]

These are machines with hard drives.

[Delusion_]

No hard drive, no real issue.

I see this issue crop up with large-format printers/copiers, but the issue is really the same as what the article is talking about. Many photocopiers, printers - both small format and large format - have the ability to re-print from history, and this is because all the jobs are saved locally to the device. Depending on the device and manufacturer, this may or may not be a real problem. On some of our devices (large format), the history is set in terms of gigabytes - usually t

Re:

[Delusion_]

Yes, TFA is a bit of scare-mongering. Quite honestly, most businesses are not in jeopardy if their old printed/scanned documents get out of their hands; by the time anyone else has access to the device, the documents aren't timely.

Having said that, the article also points out that two of the devices they scanned were from police departments and contained documents that, if leaked, would put their previous owners in liability, and the subjects of the documents in jeopardy of blackmail or worse.

I think that,

don't forget the serial # yellow dot pattern

[cinnamon colbert]

It is true - 1st saw this about 8 years ago - that color copiers put a pattern of yellow dots on every sheet; supposedly, the pattern is tied to the serial number of the machine. You can see the dots, at least for some machines, with the naked eye, if you look really carefully and know what to look for. and this is just what we know http://www.pcworld.com/article/118664/government_uses_color_laser_printer_technology_to_track_documents.html [pcworld.com]

How to clear them out?

[schwit1]

Is their a site on the web that lists the procedures for clearing out saved data for each copier/printer model?

I discovered this fact the hard way...

[xandercash]

...(in 1999) when I copied an offer letter for better employment on my current employer's copier, then left for a long weekend. I came back on Monday to find my offer letter pasted all over the company.

Gross

[Stele]

When they eventually get tossed, very few companies bother to scrub them.

With years of ass-stain buildup, who's going to bother scrubbing them? Better to just incinerate the lot. It's the only way to be sure.

Digital Everything

[colmore]

I'm starting to really think that we're making a mistake putting full-fledged computers in everything we build. They allow for an amazing array of features, but it makes fully understanding our machines much more difficult. Security problems like this one are inevitable.

A dumb analog xerox machine is pretty easy to understand, and one that runs on a microcontroller and a few KB of ram (if that) isn't much harder. But who but the most dedicated hacker has any real idea about what is going on inside a modern Xerox. It *might* not have any undocumented "features," but you have no way of knowing. Security has gone from being a matter of applied common sense to involving a large amount of blind trust in these manufacturers.

It's a symptom of a larger issue though. We're rapidly getting away from having a society where a well educated and technically minded person can understand the actual inner workings of the technology they interact with every day. The tradeoff might be worth it, I'm not a luddite. But we should remember that we are entering into a new kind of relationship with our machines,

Do it like lab devices do?

[drolli]

On many modern devices in the lab (e.g. Arbitrary Waveform Generators, Oscilloscopes) the hd can be easily removed withou opening the case. That would be fairly easy. Or: mount the hd firmly but make a slot for a i GB compactflash card containing the encryption key. or store the encryption key on the hd and delete it 1 time per month.

Captain Obvious asks -

[RevWaldo]

Would it really be that hard to make digital copiers that - by default - sanitize their hard drives every night?

They could even reformat the entire drive every week or so if the OS resides in firmware or a 2nd drive.

Re:

[FaxeTheCat]

All the major manufacturers offer options that will delete/overwrite data from the internal hard drive after it has been output. They also offer encryption of all user data on the drives, so that the drive content cannot be read outside of the machine.

As most of the machines in this class now run on Linux, adding that kind of features should be pretty simple.

Re:

[account_deleted]

Comment removed based on user account deletion

Finally an excuse

[sjames]

Wipe those old copiers and fill them with images of your butt to send a message to the industrial spies.