Security tip: Change copier and printer passwords

Posted On August 5, 2011 By Kevin O'Brien

Office equipment security is back in the news again.  USA Today has just released an article detailing the released findings and makes reference to printers and copiers as potential targets.

While much of the information stated in the article is fact, there are many options out there to minimize risk to your business.  For instance, your personal router which was obtained from a local chain store has probably shipped with a weak default user name and password.  In some cases (depending on the manufacturer) your device may ship with only a user name and no password.  In this case the user has been instructed to change the default information but this step is rarely followed.  If a hacker were to breach the security of this network they would easily be able to gain access to the web interface of this device, re-route network traffic, and/or change network settings to prevent network activity.  Changing your default user names and passwords in network critical devices such as routers is a must.

Your office equipment is a lot less vulnerable in this aspect but still carry some of the same default authentication options.  All administrators are encouraged to change and keep track of their network appliance passwords, which includes printers and copiers.  Just about every new office device comes with some sort of web interface to make configuration and operation easy not only for administrators but end users.  Disabling such a feature is an option but in most cases it will make configuration a challenge.  Advance recommends changing the default passwords upon first use and continue to use the benefits of the web interface.

If hackers are gaining access to your office equipment you really must ask yourself, is my network secure?  Hackers that have breached the LAN have already exploited other vulnerabilities in the network and those must be addressed immediately.  There are other extenuating circumstances that may allow a hacker to directly access a device web interface from public space without even accessing the LAN.  These would be devices that are assigned unsecured public IP addresses or are located inside the DMZ of a network.

Regardless of where the device is located simple techniques such as password complexity requirements can help minimize equipment security breaches.  While we do not actually change or administer passwords, Advance technicians work with I.T. departments and end users at the time of installation to address such concerns and recommend steps to change passwords and increase security.