
Digital Photocopiers Loaded with Secrets (2010) - artsandsci
https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/?ref=
======
kakwa_
I've seen a similar mistake nearly being made.

There was a printer (the big, one cubic meter, enterprise type) in a sensitive
air-gapped network that was not used anymore, and there was a plan to reuse it
on the main network.

It was nearly installed when I saw it and mentioned that these things have
hard drives in them to my Security Officer over a coffee.

It was promptly removed after that.

This organization was quite conscientious about this kind of stuff, every
disk was labeled, regularly inventoried and crushed in the presence of the
Security Officer when not used anymore.

But these printers can easily be mismanaged as people don't realize they are
basically computers that see tons of information.

~~~
golergka
That seems like a highly unusual organization in terms of how well it manages
its security and how seriously it takes it. Does it specialize in it?

~~~
kakwa_
If you are touching sensitive systems, like military infrastructure, nuclear
power plants, law enforcement, banks, it's not uncommon at all.

In some cases, mostly governmental stuff, you can be personally liable if you
accidentally misplace documents or other sensitive pieces of information (like
spending a few years in prison).

------
btown
> from Affinity Health Plan, a New York insurance company, ... we obtained the
> most disturbing documents: 300 pages of individual medical records. They
> included everything from drug prescriptions, to blood test results, to a
> cancer diagnosis. A potentially serious breach of federal privacy law.

> As for Affinity Health Plan, they issued a statement that said, in part, "we
> are taking the necessary steps to ensure that none of our customers'
> personal information remains on other previously leased copiers, and that no
> personal information will be released inadvertently in the future."

For comparison, per
[https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf](https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf)
\- "As required by section 13402(e)(4) of the HITECH Act, the Secretary must
post a list of breaches of unsecured protected health information affecting
500 or more individuals."

Of course, any single breach of a copier would be limited to the individuals
whose documents touched that copier, and might come under this threshold.
Affinity is not on the list at the moment - this may be because the news only
just broke.

But do the regulatory bodies say "Affinity, you were found to not have a
procedure for properly disposing of copiers, so we need to assume that you've
leaked health information from EVERY disposed copier historically?" Only then
would it be treated with the same seriousness that e.g. HIPAA-compliant SaaS
services are expected to treat security. Just because copier hard drives
aren't networked software doesn't mean that they don't have network-scale
security problems.

~~~
wrs
[https://www.hhs.gov/hipaa/for-professionals/compliance-enfor...](https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/health-plan-photocopier-breach-case/index.html)

"Affinity Health Plan, Inc. will settle potential violations of the HIPAA
Privacy and Security Rules for $1,215,780. OCR’s investigation indicated that
Affinity impermissibly disclosed the protected health information of up to
344,579 individuals when it returned multiple photocopiers to a leasing agent
without erasing the data contained on the copier hard drives."

------
atVelocet
"One of the copiers had documents still on the copier glass, from the Buffalo,
N.Y., Police Sex Crimes Division."

No comment.

------
vasili111
What about personal (home versions) Photocopiers, Scanners and Printers? Did
they store similar information too?

~~~
crankylinuxuser
Well, probably not, at least for document storage. Although you could take the
thing apart and use a bus pirate and interrogate the flash chips onboard, to
see what goodies are there. My guess is it's just firmware. Storage is still
too expensive for a junk consumer model, to dump TBs of storage.

Now on an office copier, of course they do that. But that's what the target
here is.

If you have a printer, it likely puts the yellow dots on it.

------
NegativeLatency
> One product from Sharp automatically erases an image from the hard drive. It
> costs $500.

Storing the images isn't a bug, it's a feature.

------
dsfyu404ed
This has been known for a long time now. Articles like this pop up from time
to time. Competent IT departments pull hard drives before copiers are gotten
rid of.

~~~
michrassena
And most of them have the option to secure erase either after every scan, or
on a schedule. But it's amazing how few people outside of IT know that most
devices have embedded websites, let alone the security implications.

~~~
djsumdog
Secure erase of a metal/spinny drive is really not enough. There are data
recovery companies who can pull data on metal hard drives from hundreds of
writes in the past.

These hard drives should be pulled and re-purposed internally for sensitive
information in data centers (to reduce waste), and if they can't be, they
should be physically destroyed. (US government agencies shred or melt drives).

Ideally, copier companies should (if they insist on not removing the drives)
encrypt them by default. That way when you "wipe" the copier for sale, it just
deletes the encryption key from flash memory. Then the bar for data recovery
becomes incredibly difficult and you don't have to waste the drive.

~~~
tinus_hn
That only works on a disk using a format from the 90s. On a modern disk once
you overwrite a sector the contents are no longer retrievable. There are no
companies that can read a sector that has been overwritten. They can only
recover damaged drives and files that have been deleted by the operating
system and not been overwritten.

On the other hand, deleting flash memory is very difficult because the
controller doesn’t really do what you ask it to do.

~~~
BoorishBears
These days controllers have secure delete / wipe commands too

------
mathieubordere
Why do they store everything?

~~~
RachelF
Not everything, but think of the workflows they are used for:

Printing: They spool print jobs to their hard drive before printing.

Scanning: They create temporary image files for ocr and pdf conversion. These
files then need to be emailed to a user or sent via a file server.

Photocopying: Temporary image files are also created. Photocopying on a
digital copier is effectively a scan then print operation.

~~~
deadmetheny
A more apt question would be "why are these files being stored after the
device has finished doing whatever it needed to do with them"

~~~
tzahola
Because they weren't overwritten with zeroes.
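
A pre-disposal check for the leftover spool and scan files discussed in this sub-thread, as an added example that is not part of any commenter's post: it reads a raw disk image, counts non-zero sectors, and looks for headers of formats a copier typically handles. The signature selection, function names and the sample image are assumptions constructed for illustration.

```python
import io

SECTOR = 512
# Magic bytes of formats a copier spools or scans to (selection is an assumption).
SIGNATURES = {
    "pjl_job": b"\x1b%-12345X",
    "postscript": b"%!PS",
    "pdf": b"%PDF-",
    "jpeg": b"\xff\xd8\xff",
    "tiff_le": b"II*\x00",
    "tiff_be": b"MM\x00*",
}

def audit_image(stream, chunk_sectors=2048):
    """Count non-zero sectors and document signatures in a raw disk image."""
    report = {"sectors": 0, "nonzero_sectors": 0, "hits": dict.fromkeys(SIGNATURES, 0)}
    keep = max(map(len, SIGNATURES.values())) - 1
    tail = b""
    while chunk := stream.read(SECTOR * chunk_sectors):
        for off in range(0, len(chunk), SECTOR):
            report["sectors"] += 1
            report["nonzero_sectors"] += any(chunk[off:off + SECTOR])
        for name, magic in SIGNATURES.items():
            # Prepend len(magic)-1 carried bytes so a header split across two
            # reads is found once and never counted twice.
            carry = tail[-(len(magic) - 1):]
            report["hits"][name] += (carry + chunk).count(magic)
        tail = (tail + chunk)[-keep:]
    return report

def verdict(report):
    """Classify the image for the disposal record."""
    if any(report["hits"].values()):
        return "residual documents"
    if report["nonzero_sectors"]:
        return "nonzero data, needs review"  # e.g. random overwrite or ciphertext
    return "zero-filled"

def constructed_image(wiped):
    """Constructed 64-sector sample: zeros, or a deleted-but-present print job."""
    img = bytearray(SECTOR * 64)
    if not wiped:
        job = b'\x1b%-12345X@PJL JOB NAME="constructed-sample"\r\n%PDF-1.4\n'
        img[SECTOR * 10:SECTOR * 10 + len(job)] = job
        # JPEG header straddling the boundary between sectors 39 and 40
        img[SECTOR * 40 - 2:SECTOR * 40 + 1] = b"\xff\xd8\xff"
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    for wiped in (False, True):
        r = audit_image(constructed_image(wiped), chunk_sectors=8)
        print(wiped, verdict(r), r)
```

A "nonzero data, needs review" result does not by itself mean documents remain: a random-pattern overwrite or an encrypted volume looks the same at this level.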

~~~
scrumption
then another question: why even bother building in a hard drive large enough
to store hundreds of documents? certainly a circular buffer 1/1000th the
capacity would be cheaper?

this makes no sense no matter how many one line hand-waves you make

~~~
jlgaddis
1\. Cost. It is (presumably) much cheaper to use the same COTS SATA HDDs that
are used in desktop PCs.

2\. Since now your copier/printer/scanner/fax/coffee machine has a 500 GB in
it, what are other ways we can take advantage of that space? Save a copy of
every printed document ("for compliance"), e-mail documents straight to the
end user, dump scanned documents (PDFs) straight into a network share (or run
such a share on the device itself), cost accounting (by user or department or
...), "hold" printed documents in the queue until the user actually shows up
at the printer to retrieve their print job (they can quickly/easily "release"
it -- prevents other users from inadvertently seeing documents they
shouldn't), and ...

\---

 _Off-topic edit:_ Right after I wrote this comment, I remembered how years
ago it was possible to "bounce" TCP connections off of HP JetDirect devices. I
had a cow-orker that was overly paranoid and always had a terminal window open
tailing the logs on his workstation. The look on his face and his bewilderment
as he watched his PC slowly being port scanned by a 10-year-old printer in a
building 60 miles away (but still within our network) was absolutely
hilarious.

~~~
DoofusOfDeath
> I had a cow-orker that

I'm sorry if my English isn't that great, but what does it mean to "ork"?

~~~
jlgaddis
cow orker: n. alternatively: cow-orker

[Usenet] n. fortuitous typo for co-worker, widely used in Usenet, with perhaps
a hint that orking cows is illegal. This term was popularized by Scott Adams
(the creator of Dilbert) but seems to have originated earlier in a 1997
ScaryDevilMonastery.

\-- [http://wiki.c2.com/?CowOrker](http://wiki.c2.com/?CowOrker)

------
liveoneggs
fax machines used to leave copies of everything on the
roll/ribbon/drum/whatever too. Especially the ones in sealed plastic were
often just a giant roll of carbon paper with everything you've ever
sent/received on it.

~~~
shkkmo
Wouldn't the carbon paper only have everything you've received?

~~~
liveoneggs
good catch.

------
metaphor
Worth noting that NIST has published a brief report[1] providing risk
management guidance on this security concern.

[1]
[http://dx.doi.org/10.6028/NIST.IR.8023](http://dx.doi.org/10.6028/NIST.IR.8023)

------
syshum
Given this is from 2010 perhaps people should look at current practices before
freaking out.

Almost all modern copiers employ some kind of Disk Encryption so this issue
has largely been resolved.

[http://siica.sharpusa.com/Document-Systems/Security](http://siica.sharpusa.com/Document-Systems/Security)

------
yaccz
It's from 2010

