Sharp Rubber Duck

Copier + Hard Drive: A Dangerous Combination

April 22, 2007

It sounds like a slam dunk: Put a hard drive into a standard photocopier, so (depending on the copier's configuration) you can have a digital version of anything you run through the machine. That way, if the original is ever lost, you can always run back to the backup. (I hadn't realized this, but copiers have been including hard drives for five years now.)

But now people are finally waking up to the wrinkle in this plan, which should have been obvious: What do people use copiers for, anyway? Yes, for company flyers and employee manuals, but also for tax returns, insurance cards, photo IDs, and Social Security paperwork. Now what happens when that copier gets old and is sold on eBay? Gulp.

Copiers are hardly highly-secure devices, and such data could be accessed via a network connection, too.

The wake-up call is, surprisingly, being delivered by Sharp, a manufacturer of these devices. The company polled Americans and found that 54 percent of those surveyed had no idea that photocopiers stored digital versions of everything put on the glass. Count me in the majority, I guess.

What to do? Naturally, Sharp (and presumably other companies too) are promoting its newer copiers, which encrypt digitally stored copies and "virtually shred" recent ones so they can't be recovered. If you've got such features on your office machine, make sure you use them. But also remember that next time you make copies at Kinko's or another copy shop, you could be leaving behind a copy of anything you reproduce. Behave accordingly.

More of the story from Computerworld.

Photocopiers: The newest ID theft threat

Newer models have hard drives that record what has been duplicated

Photocopiers are the newest threat to identity theft, a copier maker said today, because newer models equipped with hard drives record what's been duplicated. At tax time, when Americans photocopy tax returns, confidential information may be easily available to criminals.

"Consumers and business owners will photocopy highly confidential tax forms containing Social Security numbers, employer identification numbers and other sensitive information in places outside the home, leaving them vulnerable to digital theft," Ed McLaughlin, president of Sharp Document Solutions Company of America, said in a statement.

At issue are the hard drives embedded in most copiers and intelligent printers manufactured in the past five years. Data is stored on the drive before a document is copied or printed; unless security provisions are in place, the data is stored unencrypted and remains there until the drive is full and new data overwrites old.

Sharp, a major copier maker, commissioned a survey that found 55% of Americans plan to photocopy or print out copies of their tax returns and supporting documents this year. And almost half of that number will do so outside the home, using copiers and intelligent printers at their offices or public machines at libraries and copy centers.

"Everyone forgets that there's data in there," said Avivah Litan, an analyst at Gartner Inc. "Copiers and other intelligent devices like multifunction printers are very exposed in the enterprise. They're open to attack via modems, and people forget about changing the default passwords."

Sharp's survey also indicated that 54% of those polled had no clue that digital photocopiers store an image of what's duplicated and that a majority believed running off returns on copiers or printers is a safe practice. When told of the security threat posed by unsecured hardware, however, two-thirds of the people surveyed said they were less likely to copy their financial information on a public digital photocopier.

"I've not heard of any cases of ID theft [from photocopiers]," said Litan. "But there is certainly ID theft in public places like Internet cafes and from kiosks, so I don't see why it couldn't happen at someplace like a Kinko's."

Sharp was one of the first photocopier makers to offer a security kit that encrypts data on the hard drive and "shreds" each copied document by overwriting the image after it's printed. Rival Xerox Corp. introduced similar features on its machines last year.

"We've told enterprises that they should change the password from the default on copiers and [multifunction printers]," said Litan. "They should disable all services that they don't need and make sure that the data modem is separate from the fax modem."

Send this page to your friends..

Prior | Tell us what you think | Next

Add to Your Social Bookmarks: Del.icio.us Digg Furl Reddit Simpy Spurl Y! MyWeb - Netscape StumbleUpon