|Homepage / Publications & Opinion / Silicon.com
The hidden security threat in your office - printers
The office devices that never forget sensitive documents...
Written in Pentagon City and dispatched to silicon.com from a coffee shop in Washington DC via a free wi-fi service.
Memory used to be expensive and rare but now it is cheap and in everything - and represents a hidden security risk.
I often ask people where their data is stored. They give me the usual answers, such as computers, back-up drives, memory sticks and server farms. But no one cites copiers and printers. Yet they have memory too, and some have hard drives and not just RAM.
Most photocopiers built since 2000 contain hard drives that store images of every document copied, scanned or emailed by the machine. What happens to these machines at the end of life? They are sold off as 'pre-used' or scrapped and shipped all over the world to places including India, Russia, China and South America.
This practice poses a serious threat to companies and individuals. A CBS reporter recently demonstrated the security implications and the scale of the problem. He visited a warehouse loaded with second-hand photocopiers destined for resale in Argentina and Singapore. Having bought four of them for about $300 each, he returned to base and in less than 30 minutes had the hard drives dismounted.
Using free forensic software readily available on the internet, he accessed the contents of each drive. The results were shocking. The first machine had data from Buffalo, New York, Police Sex Crimes Division, which included details of domestic violence complaints and a list of wanted sex offenders.
Are you aware of the security risk your photocopier poses? (Photo credit: Shutterstock)
The second photocopier, from the Buffalo Narcotics Unit, contained a list of targets in a major drugs raid. The third, from a New York construction company, contained detailed designs for a building near Ground Zero in Manhattan and 95 pages of pay stubs with names, addresses and social security numbers.
It gets worse. The most disturbing results were found on the fourth machine - from Affinity Health Plan, a New York insurance company - which yielded 300 pages of individual health records. These included everything from drug prescriptions, to blood tests and a cancer diagnosis.
In 2008 Sharp Copiers commissioned a survey on security and found that 60 per cent of respondents were unaware that copiers stored images. People were also unaware of, or unwilling, to pay for security packages offered by most major copier manufacturers, which automatically encrypt or erase an image from the hard drive.
Does it stop there? Does anybody know what happens when you dispose of a standard printer? They have RAM, and lots of it. Are we sure it is volatile, or does it remember the data for a long time? It is supposed to be volatile and non-permanent but I wouldn't make that brave assumption.
My advice, and I have said this before, is either to use a 2kg hammer or a good quality software tool to delete everything. Myself, I much prefer the hammer.