USA Today reports on a security and privacy question connected with Internet-connected office equipment:
Researchers from Web security firm Zscaler ran a simple search and easily located 118,194 Hewlett-Packard printer-scanners, 9,431 Canon photocopiers and 3,554 D-Link webcams equipped as Internet-connected Web servers.
Any intruder could do the same thing, then take over control of devices protected by weak passwords, says Michael Sutton, Zscaler’s vice president of research. The intruder could then steal images of documents stored in a copier’s memory or take control of webcams placed inside a work area. […]
Web server software today gets built into most printers, scanners, photocopiers, webcams, DVRs and other common workplace equipment. This is done to make it easy for technicians to troubleshoot the devices and change settings over the Internet.
“It’s a much more convenient approach,” says Sutton. “The problem occurs when such servers are enabled by default and either not password protected or protected only by a common default password.”
Yet, many companies aren’t bothering to lock down server software in commonplace office appliances. Zscaler also easily located 436,947 Cisco routers, switches and other networking appliances equipped as rudimentary Web servers.
An intruder taking control of a Cisco device could monitor and even redirect network traffic, gaining prime position deep inside an organization’s network to steal authentication log-ons and proprietary documents. […]
Some simple protection measures that companies can take include identifying and regularly auditing printers, routers and other appliances equipped as Web servers. Unused functions should be disabled, and strong passwords put in place, Sutton says.