Hard Drives in Photocopiers
Nearly every digital photocopier sold since 2002 stores images of whatever it copies on an internal hard drive. This enables conveniences like printing copies of frequently needed documents without re-scanning them. But stored documents can also be a security or identity theft time-bomb. Consider what may be on that copier's hard drive when you or your employer trades it in or otherwise disposes of it... |
Is the Office Copier Telling Your Secrets?
"Photocopier dealers report an appalling array of sensitive data left on copier hard drives when they're traded in or delivered for repairs. Birth certificates; Social Security Numbers; bank account statements with the account numbers plainly displayed; income tax forms; customer lists; and more. That kind of information would be very valuable to competitors or identity thieves.
In a recent security experiment, CBS News accompanied John Juntunen to a New Jersey warehouse in which used photocopiers were stored. Juntunen owns Digital Copier Security, a firm which tries to alert copier owners to security vulnerabilities and offer solutions. I say "tries" because, as Juntunen told CBS, "Nobody wants to step up and say, 'we see the problem, and we need to solve it."
Juntunen picked four used copiers based on the number of copies they had printed, a number conveniently displayed on the console of each machine. He paid a total of about $1,200 for them. Then he took them back to his shop to see what information he could retrieve from their hard drives. The results were startling.
One machine didn't even have to be plugged in to cough up secrets. Paper documents were left on the scanner bed. That copier came from the Buffalo, NY, Police Sex Crimes Division. As Detective Steve McGarrett of Hawaii Five-O used to say, "That's nice police work there, Dann-o!"
It took Jununten about 12 hours to download tens of thousands of documents from the four machines, using forensic software freely available on the Web. Here are examples of what he found:
- The Sex Crimes Division copier coughed up detailed reports of domestic violence incidents.
- A second copier from the Buffalo Narcotics Division named targets of drug raids and gave their addresses.
- A copier from a construction company spewed employees' pay records including names, addresses, and Social Security Numbers; plus, copies of company checks that could be digitally doctored into blank ones before printing.
- The fourth machine, from Affinity Health Plan, contained over 300 patients' medical records and personal identification information. Letting such info go out the door is a federal patient privacy law violation.
In 2008, digital copier manufacturer Sharp Imaging commissioned a survey on copier security that found 60 percent of Americans "don't know" that copiers store images on a hard drive. Even after warning its customers, Sharp found that they just don't care. You should care, obviously, if you ever copy anything that's personal or not work-related on the office copier. Never mind the possibility that the boss might be able to see what's on there. You should be worried about what happens to those digital records after the copier leaves the office.
So obviously steps should be taken to erase your copier's hard drive before disposing of it. Discuss with your copier service provider how to ensure that the hard drive is securely wiped at the end of your lease, or if the machine is sold or junked. Better still, arrange to have the hard drive removed and delivered to you. Then you can destroy it, or otherwise ensure that your data won't fall into the wrong hands. See my related article How to Destroy a Hard Drive for tips on making sure the data on a hard drive cannot be retrieved.
Oh, and don't forget to remove the last documents from the scanner bed and feeder tray. Does your photocopier have a hard drive inside? Post your comment or question below...
This article was posted by Bob Rankin on 21 Sep 2010
For Fun: Buy Bob a Snickers. |
Prev Article: Online Photo Printing |
The Top Twenty |
Next Article: Internet Explorer 9 Beta |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Hard Drives in Photocopiers (Posted: 21 Sep 2010)
Source: https://askbobrankin.com/hard_drives_in_photocopiers.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Hard Drives in Photocopiers"
Posted by:
Bill Sturgeon
21 Sep 2010
Bob: What you didn't address is what about our home printers that have copy/scanning capability. Are they too storing data?
EDITOR'S NOTE: As far as I know, it's only the big office machines that have hard drives inside.
Posted by:
ProfessorGT
21 Sep 2010
I believe activists should demand of the copy machine manufacturers an option on-screen that allows immediate non-recoverable erasing of the hard drive file, after they are done with the cop/scan job at hand.
This would ensure critical data is not compromised. Really, there is no good reason to have these files stored on- board, unless there is non-critical data that needs to be repeatedly accessed over time.
Can you say - identity theft?
Posted by:
steven
22 Sep 2010
I actually sent this question to ask Leo. He said it was no secret, just like you did. One question I did not ask was is this a standard size hard drive? I have looked for it when it jammed, but couldn't find it. Unless it is sealed in a hidden area. It is from Xerox. At home, I can't remember the model number. I think it was the Xerox work center 985. Somebody should sue these companies.
EDITOR'S NOTE: Based on this photo, it seems they use standard hard drives. http://www.svtuition.org/2010/05/office-photocopiers-have-hard-disk.html
Posted by:
Michael Kraft
23 Sep 2010
I am guessing that very few people are familiar with this security vulnerability. My position brings me in contact with a number of businesses where data security is paramount. I don't recall seeing a data security plan that covers photocopiers, especially when considering just servicing them, as opposed to wiping them clean when they are retired.
Michael S. Kraft, Esq.
www.kraftlawfirm.com
Posted by:
ecmasonjr
23 Sep 2010
"Posted by:
ProfessorGT
21 Sep 2010
"I believe activists should demand of the copy machine manufacturers an option on-screen that allows immediate non-recoverable erasing of the hard drive file, after they are done with the
cop/scan job at hand."
That option is now almost always available, of course it's not free. If it's that important to you, buy the option.
Posted by:
Ken Mitchell
23 Sep 2010
Hi, folks.
Bill Sturgeon: Yes, it's only the bigger office copiers and printers what have hard drives.
Michael Kraft: Check out Caltronics Business Systems, where I work; www.caltronics.net. Go to the bottom of the page and click the "HDD Security Update" link. We physically destroy all the hard drives for copiers returned after a lease. You want better? For a nominal fee, you can buy the drive from your copier and keep it.
For all; many copier models offer a "secure delete" option. You can program your copier to automatically triple-erase files from your HDD, in accordance with DOD specs.
I can't speak for every copier manufacturer, but most of them use fairly standard IDE or SATA drives.
Posted by:
Jim Sinsky
23 Sep 2010
I work for a state agency that deals with confidential medical records. We regularly copy income information and other personal information such as Social Security cards and ID's. Here is a link to a paper Xerox has that is specific to our copy machines used in hundreds of our offices. Section 3 deals with the hard drive.
http://download.support.xerox.com/pub/docs/WC4150/userdocs/any-os/en/WorkCentre_4150_sov.pdf
Posted by:
Bryan314
25 Sep 2010
Of course, what MOST of us never think about is what happens when we make copies in public (eg officemax/depot/staples/etc). I never even thought about it till now...and any option for deleting a file is not at all obvious to a casual user.
Posted by:
nunya
25 Sep 2010
I work for a copier company (which I won't name) and I really think your scaremongering is bad for our industry.
"I believe activists should demand of the copy machine manufacturers an option on-screen that allows immediate non-recoverable erasing of the hard drive file, after they are done with the copy/scan job at hand."
This option IS available, and ecmasonjr is wrong. The option is there, you don't have to buy anything. Anyone who says that you do does not know what they're talking about because they're full of it and not in the industry.
EDITOR'S NOTE: Okay, fine, but how about adding some USEFUL information to your invective? Tell us how to use that option on 2 or 3 of the most common office copiers.
Posted by:
Glenn P.
28 Sep 2010
OF COURSE, most if not all of this would all just GO AWAY if the manufacturers would simply use volatile memory (i.e., RAMDrives) for their data storage instead of actual harddrives, perhaps with a battery backup. When the time came to junk the copier or return it after lease, it would (or should!) get unplugged and any battery removed, and -- hey, presto! -- the virtual drive is instantly purged of any uh, shall we say, "embarrasing" (as opposed to "incriminating") data.
Posted by:
George A Butel
02 Oct 2010
It's not just scanners that pose a risk. If you share a pc with anyone and scan from it, then you may be unknowingly saving all of your scanned files. ArcSoft's PhotoStudio is a nice program, but it has the annoying habit of saving scanned images in My Pictures even when you tell it to "save as" somewhere else. So it eats up your hard drive space as well. That is not the only program that automatically saves originals. With PhotoStudio, under preferences there is a setting to specify the cache, but that does not seem to affect it storing the original scanned images.
Posted by:
Stan
02 Oct 2010
How about the story of copiers (office types) that are said to store copies in some kind of memory (non-harddisk?), for national security organizations to recover? I think to have heard something like that. Is that a true story, or is it a hoax?
Posted by:
SFC (ret) Walter M. Clark
08 Oct 2010
I retired from the U. S. Army in 1992 and we were already concerned about secret information remaining on the copier after use. This was before copiers (at least the ones we used) had hard drives. We always copied a few documents that weren't secret or confidential before shutting the copier down for the day. That way (we were told) there wasn't a classified image left on the drum. If I were still in the military I could tell you what they do now.
Posted by:
rtmtech
11 Dec 2010
Our Ricoh rep told us that for $500.00 they can make the drive secure. That should be free.