MUST READ: Microsoft unleashes bug bounty program — for betas, too

Topic: Security

Hackers use Google to access photocopiers

Summary: Making copies of something important? Photocopiers are the latest networked devices to fall prey to hackers armed with nothing more than Google's search engine

Dan Ilett

By Dan Ilett |

Hackers are using search engines to watch what people photocopy.

Using Google hacks -- requests typed into the search engine that bring up cached information on networks -- hackers are discovering and using login details for networked photocopiers so they can watch what is being copied.

"You don't have to be a genius to do this," said Jason Hart, security director at Whitehat UK. "You can see what people are photocopying on your monitor. You just have to search for online devices on Google."

Google stores billions of Web URLs and information sent from Web servers. Some Web servers, if configured incorrectly or left to default, can accidentally broadcast network information, such as IP addresses, login details and device information. Google, like many other search engines, stores this information, which can be recalled at any time.

"Essentially Google caches everything on the Web," said Hart. "By inputting commands into Google you can extract information and use it as a reverse-engineering tool."

Hackers have been using Google hacks for some time -- exploiting photocopiers is only a recent example of compromising online devices. Hackers also use the search engine to view logged conversations on the Google computer groups list. In these, techies often share network information, such as logins, and their company domain name when they post their email address with a message.

Hart added: "If you look at a firm's domain you can see all their security questions which means you can see their network infrastructure. [Hackers] wait for people to come along and say: 'I've been put in charge of security but don’t know much. Can you help me?' The hacker helps out and gets their trust until they get the passwords to the firewalls."

Hart advised that security staff should regularly check Google for cached information on their firms' domain names. He said that if using public forums to solve problems, participants should sign in using an anonymous e-address.

"You can ask Google to take certain information off its site," said Hart. "It's always worth taking a look at. It's a simple check, but worthwhile."

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion
  • Absolute rubbish, you can open a web page but not the documents.
    Prove it otherwise.
    anonymous
    Reply Vote
  • My boss saw this article and now he's asking me to find out if our products are vulnerable (we make printers/photocopiers), but there is not really much detail in the article.
    What commands would have to be entered from Google? Where are the photocopies being stored prior to being accessed by "hackers"?
    If you are willing to tell we where you got this information, it would make my job a lot easier.

    Thanks,
    Ryan W. Paul
    anonymous
    Reply Vote
  • Don't we have enough real security concerns in the world without articles like this? The information in this article is misleading, at best, and the implications it makes are simply false.

    The implication is that one can simply "search for online devices" and "what what people photocopy" is entirely unfounded.

    Yes, one can obtain user credentials from web servers that are not properly secured--but doing so is not trivial. And using those credentials to get some amount information about photocopied jobs is theoretically possible--if the photocopier is available on the network, improperly secured and improbably designed--all of which are *large* IFs.

    There's enough confusion and concern over security and technology in the world. ZDNet's choice to publish bunk like this and fan the flames of confusion is unfortunate.
    anonymous
    Reply Vote
  • This article made very little sense. I was unable to understand the connection between photocopiers and google.
    anonymous
    Reply Vote
  • Go read *this* ZDNet article if you want specifics. I tried it and oh my are there are lot of IIS servers not protected.

    As for what kind of photocopiers, they're talking about multifunction or all-in-one devices that are connected to a network which is connected to the Internet OR they contain a fax option and have a modem installed.
    anonymous
    Reply Vote
  • Please provide link for the referenced article. Thanks!
    anonymous
    Reply Vote
  • The comments are a cause for concern since it shows that many people responsible for system maintenance do not understand some of the fundamental aspects of systems and networks. A few comments for them to consider

    As networks become more intergrated and exposed to the Internet at large. Hackers using Google can locate systems that are online and have not been correctly configured or slack processes have revealed sufficient information for their system to be exposed to the Internet in the public domain.

    Most systems these days manage objects these may be files, printers, scannerrs etc. This includes printers. Networked printers may be limited in their use by users but have you protected the spool space. Here is where much sensitive information may reside and lack suitable protection.

    I think the object of the item was to suggest that administrators occassionally search google for reference to their domain name. There may be a nasty shock for you if your system is not correcty configured if so find an consultant experienced in securing systems starting with a firewall and then how you system manages logon processes
    anonymous
    Reply Vote
  • I found it by searching for "photocopier" on zdnet, but it seems to be identical.
    anonymous
    Reply Vote
  • It is POSSIBLE that a hacker gets user credentials from a not fully
    secured web server, but only a few of those credentials lead to
    useful information specialy about photocopiers, there are alot of
    elements starting from design ending at security that all take
    action in such a matter.
    Yes "THEORETICALLY" it is "POSSIBLE", but "IN ACTION" it is
    "ALMOST IMPOSSIBLE" and it doesn't even worth trying searching
    such a huge load of data.
    anonymous
    Reply Vote
  • I can only talk for Canon photocopiers who my company Digipro supply but this simply is not possible as you cannot scan and copy at the same time.

    http://www.digipro.co.uk
    anonymous
    Reply Vote
  • dude, copiers now have ethernet cards in them. they work as networked office printers. they can also scan documents too. they have document management services such as put a document on the glass, press the button, scan it, it saves it to a hard drive inside the copier, and then go to your desk, browse to the copier's ip and retrieved the scanned document so that you can file it, attach it to email, paste it in word, whatever. If a company's net is open, google will spider their internal network and find the stuff and cache it on google's search engine and you can see it in google's cache. understand??
    anonymous
    Reply Vote
  • http://tstokke.eerc.und.nodak.edu/parser.cgi?index2.html

    Try that idiot!
    anonymous
    Reply Vote
  • OK lets try and put this one to bed and by the way I am only speaking on behalf of Canon Photocopier Machines my company Digipro sells (did I mention that already).

    A fully featured canon digital copier has the facility to copy print scan fax and email a document. The user chooses what he wants to do with a document. If they choose to copy, the canon copier prints the image. That's is why the article is incorrect with Canon as there can never be a vulnerability whilst photocopying because the own users network doesn't even have access whilst photocopying.

    If the user chooses to scan it will scan and dependent on which model canon you have it will either send directly over your network "push scanning" or you can retrieve the document from the copier from your pc "pull scanning".

    If user chooses to email or fax the document will be sent accordingly.

    On any files emailed or scanned a user should take normal security precautions on there network. I use Zone alarm.

    In response to post to Fiery website. Fiery is a print server renowned world wide and capable of handling large graphic files. Again its not used at all when photocopying.
    In the present canon market fiery is only used for colour printing and very high volume black and white printing, they have also introduced a scan facility.

    Regards

    Greg
    http://www.digipro.co.uk
    anonymous
    Reply Vote
  • It is possible to extract sensitive information from photocopiers, but it depends on how they were installed onto your network and the make of the photocopier.
    anonymous
    Reply Vote
  • Human stupidity and social engineering is the greatest flaw. Hacking? Pfft. Any techie can do simple hacking. Only flaw I see here is human stupidity in trusting others with sensitive information.
    anonymous
    Reply Vote
  • I think that you cannot access photocopiers from a search engine without having network permissions. who would want to see the details (not images) of files that have been printed to a photocopier.

    I sell copiers and have never heard anything like this from over 1000 clients.

    Jon Tribe
    http://www.falconcopiers.co.uk
    anonymous
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close