Digital Copy Machines - Security Risk?
I just happened upon a CBS News video that gave me pause for thought. This was posted back in April; however, I missed it until now.
http://www.cbsnews.com/video/watch/?id=6412572n
The video talks about the fact that "modern" digital copy machines, those sold after 2002, contain a hard
drive. These hard drives store the images copied. These machines are traded in for new models and then
refurbed and resold. However, the hard drives more than likely are not getting scrubbed to remove the content.
One of the copy machines in the video not only contained content on the hard drive but also still had documents
left on the copy bed.
This brings up some interesting discussions. What is on your copy machine hard drive? When it is sent in for repair, what information may be gleaned from a quick glance at the drive? Is your copy machine another potential target to aid in identity theft?
Food for thought. Should there be processes and procedures in place for the disposal of these devices? Do you
know what other devices in your organization contain a hard drive or other storage device? Is there a process
for cleaning before disposal?
Let me know what you think. What does your company do, if anything, to ensure that no confidential data is leaked by disposal of old equipment?
Deb Hale Long Lines, LLC
Comments
Again, talk to your vendor or whomever removes your copiers to give you the drive or scrub it onsite. Vendors acknowledge this, and are helping to protect from this threat. I'm happy to share more details if needed.
Nick
Jun 17th 2010
1 decade ago
You can pull the hard drive, slave it and effectively wipe it with a utility. You can also degauss or destroy the hard drive to eliminate any possibility of data recovery. But since most office equipment is leased, you face potential penalties and charges for equipment that needs to be returned in operating condition. If you own the equipment, you've effectively eliminated any resale value or potential reuse. Pulling the drive to destroy data only seems to make sense for equipment that's being discarded.
It would be interesting to see an article about any hacks that might be available to access the copier's service menus and potentially wipe residual data. I'd be surprised if any older copiers have this capability, but would expect that as new copiers are developed, they'll have a user option to perform a data purge on a recurring basis.
Slowpoke
Jun 17th 2010
1 decade ago
DATA OVERWRITE SECURITY SYSTEM (DOSS)
DOSS overwrites the sector of the hard drive used for data processing after the completion of each job. During the overwrite process, all data is destroyed to prevent recovery. Additionally, DOSS also offers the option of overwriting the entire hard drive up to eight times. This feature may be used at the end of the lease or if the MFP or printer is moved to another department. DOSS may be added before or after the initial system installation.
HARD DRIVE ENCRYPTION OPTION
This option provides security for information that needs to be stored on the MFP or printer and reused again. Examples of information that may need to be stored for reuse include administrator and user passwords and address books. The Hard Drive Encryption Option differs from DOSS in that the information encrypted is not destroyed, but locked up so only authorized users may access the information. DOSS destroys data so it cannot be reused. The Hard Drive Encryption Option and DOSS may be used in conjunction and will not interfere with MFP or printer operation.
HARD DRIVE SURRENDER AT LEASE-END / TRADE-IN
The vendor offers a hard drive surrender option with which customers may elect to have the vendor remove the hard drive from the MFP and give the customer custody of the hard drive before the MFP is removed from the site. Customers then have the discretion to maintain or destroy the hard drive.
Nick
Jun 17th 2010
1 decade ago
I am handling a plotter which according to the mfg specs has an 80 GB HDD. It is actually a 160 GB 2.5" SATA. I will be cloning the original to a replacement disposable. I will be checking for firmware-level capacity clipping to reproduce the configuration.
I would not be surprised to find a FAT filesystem with TIFF image files, maybe postscript or PDF.
Encryption would be good, but is it an effective implementation?
This plotter includes overwrite functions as well; a full drive overwrite is estimated to take many hours. I can pull the drive, mount it, execute the embedded ATA overwrite, reimage and reinstall the drive in far less time and meet NIST guidance. I bet the overwrite is some archaic 3, 6, 7, or 35 pass software implemented routine.
The authority on the subject, Peter Gutmann, as I recall last publicly stated that a few random passes is the best you can hope for with modern drives. That was when perpendicular recording was just emerging.
Scott H.
Jun 17th 2010
1 decade ago
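A check a practitioner would want before a pulled or reimaged drive goes back into the machine or off site: an added example, not code from the diary or any of the commenters, that scans a raw image of the copier's drive for the file signatures Scott H. expects (TIFF, PostScript, PDF) and for an intact FAT boot sector, and counts non-zero sectors so a zero-fill and a random-pattern overwrite can both be judged. The sample image is constructed inline; on a real device the bytes would come from a forensic image of the drive.

```python
# Post-sanitisation residue check for a copier/plotter drive image.
SECTOR = 512
# Magic bytes that should not survive a wipe (formats named in the comment above).
SIGNATURES = {
    "TIFF (LE)": b"II*\x00",
    "TIFF (BE)": b"MM\x00*",
    "PDF": b"%PDF-",
    "PostScript": b"%!PS",
}

def fat_boot_sector_present(image: bytes) -> bool:
    """True if sector 0 still looks like a FAT boot sector (jump opcode + 0x55AA)."""
    if len(image) < SECTOR:
        return False
    return image[0] in (0xEB, 0xE9) and image[510:512] == b"\x55\xaa"

def find_residue(image: bytes) -> dict:
    """Scan the whole image for known file headers and count non-zero sectors.

    A zero-filled drive gives no hits and nonzero_sectors == 0; a drive overwritten
    with random data gives no hits but many non-zero sectors, so both are reported.
    """
    hits = []
    for name, magic in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(magic, pos + 1)
    total = len(image) // SECTOR
    nonzero = sum(1 for i in range(total) if any(image[i * SECTOR:(i + 1) * SECTOR]))
    return {"sectors": total, "nonzero_sectors": nonzero,
            "fat_boot_sector": fat_boot_sector_present(image), "hits": sorted(hits)}

def verdict(report: dict) -> str:
    """Only an image with no filesystem structure and no recognised headers passes."""
    if report["hits"] or report["fat_boot_sector"]:
        return "FAIL: recoverable content or filesystem structures remain"
    return "PASS: no recognised file headers or FAT boot sector"

def build_sample_image(sectors: int = 8) -> bytes:
    """Constructed, not captured: a tiny 'copier drive' with a FAT boot sector,
    a TIFF scan at sector 3 and a PDF print job at sector 5, zero elsewhere."""
    img = bytearray(sectors * SECTOR)
    img[0:3] = b"\xeb\x3c\x90"            # typical FAT boot-sector jump + NOP
    img[3:11] = b"MSWIN4.1"               # OEM name field
    img[510:512] = b"\x55\xaa"            # boot signature
    img[3 * SECTOR:3 * SECTOR + 4] = SIGNATURES["TIFF (LE)"]
    img[5 * SECTOR:5 * SECTOR + 9] = b"%PDF-1.4\n"
    return bytes(img)

if __name__ == "__main__":
    for label, img in (("before wipe", build_sample_image()), ("after zero-fill", bytes(8 * SECTOR))):
        r = find_residue(img)
        print(f"{label}: {verdict(r)} ({r['nonzero_sectors']}/{r['sectors']} non-zero sectors, hits={r['hits']})")
```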
As Nick said, most vendors are being very helpful. We are putting together a Memorandum of Agreement to make things a bit clearer on options and ports enabled on receipt and disk wipe on return.
The claim (you mention something above also) "The built-in hard disk of the MFP is automatically protected by a password. This password is stored in the hard disk BIOS and prevents access to the hard disk data, as long as the correct password has not been entered. Therefore, even the removal of the hard disk and installation into a PC, laptop or other MFP would not give access to the hard disk." raises a flag for me. Encryption is an expensive add-on. Think they quoted something like $600 a copier.
dsh
Jun 17th 2010
1 decade ago
The recommendation is to wipe the entire HDD when disposing of the equipment. One person I spoke to purchases a replacement HDD and drills a hole through the old HDD and retains it. It would probably be cheaper in the long run to at least replace the HDD.
Mike Rohwedder
Jun 18th 2010
1 decade ago
That there are some copier companies that charge extra for WDE is, to be blunt, for the birds. This should be a basic security measure (then again, gravity 'should' be repealed every time someone moves into a non-ground floor apartment to help with the furniture, and we all know how often that happens.)
Commenter Scott H. is correct, often the drives are formatted VFAT and can be mounted and picked over normally. FTPing into the printer works just as well.
I agree with commenter Mike Rohwedder - physically destroy the drive. Drill presses work well for that, but my favorite technique involves a few screwdrivers to open the drive and a 15-20 pound sledgehammer.
No Love.
Jun 18th 2010
1 decade ago
Yes. There is a risk. This is why by now, all major products (by all major vendors) offer the ability to encrypt data written to the hard disk and to overwrite it afterwards. This ain't rocket science. It is not trivial, though. Try erasing a SSD sector for instance - which is why we use traditional hard drives.
But hard drive theft is not really common, to put it mildly. If you are concerned, buy or enable the respective feature in your MFP. Compared to machine price, this is a small amount of money to spend. Mind, though, that the overwrite costs time. While the machines will typically encrypt/decrypt AES utterly fast (AES being the main standard for this), scans and print jobs can use a lot of space. Overwriting this up to (say) seven times can have a negative influence on performance.
You can also ask to buy the hard disk after the lease time. As vendors cannot guarantee that just any hard disk will work in a certain MFP, expect to pay spare part prices, which are a bit higher than what you would pay in your friendly neighborhood computer shop.
But we are worrying about a minor issue by comparison. The "SiFo Study 2009" claims that 70% of attacks leading to loss of intellectual property are caused by own employees.
What happens?
First, there is the waste paper basket. Have one next to your MFP? Don't worry about a data security kit. People will discard almost everything using the most convenient method. Dumpster diving is much easier than extracting copier data from a hard drive with a proprietary file system which you also had to steal in the first place.
I'd replace it with a shredder or a locked document disposal container offered by specialized companies.
The bigger MFPs often have their own room, traditionally called the copier room.
You print, walk to the copier room, pick up the job waiting for you. Unless someone else was first. Or you went to lunch, can't find your output and blame it on your memory ("I must have forgotten to print it, then!"), or your equipment ("Stupid print server ate my document!"). Also, someone really clever could have taken your interesting print job, copied it (MFPs can copy, after all) and replaced it. Would you notice?
This is why confidential printing standards (print job is held until you authenticate to the machine) are an industry standard. Free. For more comfort, consider a product offering follow-me printing. Walk to ANY MFP in the building and have your print job sent to it.
If you are serious about MFP security, use something released by the German BSI, the Federal Office for Information Security. They let you download for free the English language version of their "module B 3.406".
The URL right now is https://www.bsi.bund.de/cae/servlet/contentblob/479612/publicationFile/28017/moduleb03406_pdf.pdf
What else?
You could compare Security Targets of Common Criteria certified solutions. Differences in vendor assumptions regarding operating conditions can tell you a lot about the strength of the solution. ("Need to trust admin and change PIN every 90 days" sounds better to me than "Need to trust admin, all users, service engineer - and must keep machine in locked room all the time.")
Best regards,
Jens Stark
(Open to comments, curses, complaints and discussion at <firstname>@<lastname>.net)
Jens Stark
Jul 15th 2010
1 decade ago