Doomed by the Copier

If you’re running a networked copier, you’ve probably already figured out that they can be security nightmares if the manufacturer is clueless. Network copiers are basically appliances designed to allow you to print via the network, run copies, or scan something at the copier and pick it up from your desktop computer. To provide this functionality they often have a full featured operating system sitting underneath them.
In the first generation of copiers at my company, security wasn’t even considered. As a result, we were running a Canon copier which was running Windows NT 4. Its administrator password was blank and since it was an appliance we weren’t supposed to patch it lest the warranty be voided. Needless to say when blaster came out, we yelled at the copier tech who got a patch canon had released months earlier.
The other copiers from Toshiba were running Linux. More secure right? Not hardly. Its like connecting Red Hat 7.2 to a network. All the services are available and none of them are patched.
We recently upgraded to some new copiers and it was gratifying to see that the vendor had more of a clue. No longer are all the services network available by default. One thing I didn’t like is that disk wiping was a security add on. To wipe the drive prior to return you needed to pay more money to the vendor. Who knows how much data is retained on those hard drives that have spooled everything you’ve printed.
If it can be hooked up to the network, it can be a network security problem.