Tuesday, May 4, 2010

Copier Hard Drive Security "Give it a Break"


A few weeks ago a story broke from a CBS reporter who traveled to New Jersey (of all places he had to pick New Jersey) to a copier bone yard, aka a used copier warehouse. Well, one thing he got right: New Jersey is one of the most corrupt states in the nation. However, when it comes to copier hard drive security, there were many Print4Pay Hotel members who picked a few holes in his story.


Being an expert in the industry for over 30 years and an avid Twitter user, I started seeing the comments come fast and furious about business and personal information on copier hard drives. I was aware of this years ago, as were many copier manufacturers; most if not all manufacturers closed this loophole in hard drive security many years ago.

The machines in question were bought for a few hundred dollars each, and we all found it quite coincidental that all 4 machines had so much information. Here's what one Print4Pay Hotel member stated: "Not much chance that you'd buy 4 machines at random and then find out that you hit the jackpot with a police sex crimes division, a health care company and an architecture firm with plans of a building near ground zero, all on the day CBS decided to follow you with a camera", and another: "I wonder how many copiers in that NJ warehouse have shipping paperwork attached or simply lying under the ADF. Wouldn’t an identity thief looking to purchase a copier be able to browse the NJ warehouse looking for shipping paperwork from financial institutions and turning down copiers being returned from “Mom & Pop” businesses?"

Another point about the report: the video showed the documents, and I paused it several times to get a date on the papers. None of them seemed newer than 2008, meaning that these copiers were most likely leased in the 2003 time frame. Prior to 2003, digital copiers were in the infancy of development, and only a few manufacturers had addressed hard drive security on their units.

It's time to stop beating up on copiers. What about all of the old PCs that were thrown out or returned to leasing companies over the years? Did anyone take the time to scrub those drives or remove them? Here's another post from a Print4Pay Hotel member: "Did you know that if you format a hard drive, the data can still be recovered? There are wipe methods to prevent software recovery and hardware recovery. The Dept. of Defense has a specific 7 pass sanitize method that Sharp utilizes. That will prevent hardware recovery. However, no matter where the hard drive comes from, there have been documented cases of reverse engineering to bypass the wipe method. If you know the wipe method used. This is why the specific methodologies are top secret and you can customize your sanitation method that is unique to prohibit this reversing process. The maximum security is 35 passes to sanitize the HD. This is based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory". The method is designed to erase data regardless of disk raw encoding. It effectively removes the magnetic remnants from disk, preventing hardware recovery tools from restoring any data.

I knew someone that had an HD which they took a sledgehammer to. Broke the HD platters into many chunks & pieces. Guess what? That was not enough. Data was still recovered from chunks that were encrypted.

So the best thing to do is pulverize your HDs to dust; then you can rest assured everything is gone. Sharp was the first to address security in digital imaging and received the first Common Criteria Validation for an MFP in 2001."

Over at the Print4Pay Hotel there were over 25 threads on the above topic. The general consensus: the report made good TV; also, it's old news in the copier industry, and the industry has incorporated numerous security measures on the latest devices.

BTW, when was the last time you checked to see if your high end laser printer had a hard drive? Most likely it does, but it's easier to bash copier companies.


-=Good Selling=-

2 comments:

Unknown said...

Yup, forgot to mention P4P members for their input on this!

Anonymous said...

Well said!!!