Fears Over Multifunction Printer (MFP) Security Raised by USA Today

Saturday, 06 August 2011 12:00

Photocopier News - General News

A recent article by USA Today journalist, Byron Acohido, has revealed that millions of photocopiers and mutifunction printers(MFPs) stationed in companies worldwide are at risk of attack from cyber-thieves, targeting sensitive business information.

The discovery was made by a team of researchers working for web security firm, Zscaler, who conducted a simple search, uncovering 118,194 HP printer/scanners, 9,431 Canon photocopiers and 3,554 D-link webcams at risk of security compromise. Micahel Sutton, Vice President of Research at Zscaler, said it would be possible for any intruder to access these devices through their on-board server functions, as the company's researchers had done and take control of these devices which were often only predicted by pretty weak passwords. It would then be possible for an intruder to access documents, however sensitive, and steal them.

Sutton added,

"I'd be surprised if attackers weren't already taking advantage," speaking at the Black Hat cyber-security conference on Thursday, "They'd be foolish not to. It's just too easy."

It is a standard practice within the industry to build-in web server software to printers, scanners, photocopiers, webcams and a whole host of other workplace equipment. The practice is there so that technicians are able to access devices and troubleshoot over the internet.

Michael Sutton continued,

"It's a much more convenient approach....The problem occurs when such servers are enabled by default and either not password protected or protected only by a common default password."

But a large number of companies are failing to address the risks by properly locking-down server software in commonplace office appliances. In its presentation at Black Hat, Zscaler revealed that there were similar issues with over 436,947 Cisco routers, switches and other networking appliances which were also equipped essentially as rudimentary web servers. A hacker accessing one of these Cisco devices could monitor network traffic, potentilly even redirect it, stealing documents and login information.

All that is necessary to protect a company's assets from data compromise are some relatively simple measures - identifying and regularly auditing printers, routers and any other appliances which have been equipped as web servers. Sutton recommended that unused device functions should be disabled and strong passwords always put in place.

Canon photocopiers and multifunction printers (MFPs) come equipped with a range of formidable security features, including hard disk data encryption kits and hard disk data erase kits but the Zscaler research shows that device security can only be fully effective when devices are properly understood and the correct settings activated/de-activated by someone who knows what they are doing.

Canon Copiers, which supplies and services the full range of Canon photocopiers and multifunction printers ensures all the devices it installs provide the highest standards of security possible and can provide the most reliable advice to individuals/organisations,taking into account whatever their specific requirements.