Printers, photocopiers & most office equipment have become a target of hackers.

Researchers from Web security firm Zscaler ran a simple search and easily located 118,194 Hewlett-Packard printer-scanners, 9,431 Cannon photocopiers and 3,554 D-Link webcams equipped as Internet-connected Web servers.

Any intruder could do the same thing, then take over control of devices protected by weak passwords, says Michael Sutton, Zscaler's vice president of research. The intruder could then steal images of documents stored in a copier's memory or take control of webcams placed inside a work area.

"I'd be surprised if attackers weren't already taking advantage," says Sutton, who released the findings Thursday at the Black Hat cybersecurity conference here. "They'd be foolish not to. It's just too easy."

Web server software today gets built into most printers, scanners, photocopiers, webcams, DVRs and other common workplace equipment. This is done to make it easy for technicians to troubleshoot the devices and change settings over the Internet.

"It's a much more convenient approach," says Sutton. "The problem occurs when such servers are enabled by default and either not password protected or protected only by a common default password."

Yet, many companies aren't bothering to lock down server software in commonplace office appliances. Zscaler also easily located 436,947 Cisco routers, switches and other networking appliances equipped as rudimentary Web servers.

An intruder taking control of a Cisco device could monitor and even redirect network traffic, gaining prime position deep inside an organization's network to steal authentication log-ons and proprietary documents.

Link:
http://www.usatoday.com/tech/news/computersecurity/2011-08-04-hackers-printers-office-equipment_n.htm