Rain Technology reported on June 27 that today, the Ministry of State Security’s WeChat official account issued a document reminding printers that from daily operations to equipment scrapping, there are complex and diverse channels that are prone to causing hidden dangers of leakage, and they need to be paid attention to and protected.
It is understood that there are three risks of leaks in the printer, as follows:
Malicious “poison source” precise attack.
This supply chain attack model pollutes the enterprise development environment and embeds malicious code into official software, forming a precise attack model of “download is hit”. In recent years, software supply chain security issues have become increasingly prominent. Users should be extra vigilant when downloading and installing software such as printer drivers to avoid falling into such traps.
Print content is delivered across the air.
The high-voltage electrostatic field of laser printers and the piezoelectric ceramic vibration of inkjet printers will generate captured electromagnetic signals, which can pass through conventional building walls and glass. Through specific algorithms, the printed content can be clearly restored, which has extremely strong concealment. The theoretical basis of this technology has long existed, but with the improvement of signal processing capabilities and the miniaturization of eavesdropping devices, its real threats are also increasing. Safety experts recommend that when dealing with highly sensitive information, use of electromagnetic shielding rooms or other physical isolation measures should be considered.
This “invisible leak channel” is easily exploited by overseas spy intelligence agencies, stealing printed content, and posing risks of leaking. In response to such risks, enterprises or institutions should strengthen the safety management of office space, conduct electromagnetic safety inspections regularly, and strictly control the printing of confidential information.
Print content secondary restore.
Prints generally have built-in storage modules, which automatically cache printing task records, including output files, scanned images and other information.
If the printer that has processed confidential files is eliminated, the memory chip is not properly processed, even if the print record is deleted and the factory settings are restored, the underlying data can still be restored through technical means, which poses a risk of loss of secret leakage. Advances in data recovery technology make it possible that even formatted or deleted files may still be restored. This also reminds users that sensitive data must be completely cleared to ensure information security when dealing with obsolete equipment.
The work found that overseas spy intelligence agencies specially purchased second-hand printers to extract residual confidential documents to form a hardware stealing industry chain. This exposes security loopholes in the recycling process of second-hand equipment, and requires relevant departments to strengthen supervision and establish a complete traceability mechanism to prevent the spread of leakage risks.
Before installation, use antivirus software to check hash value to ensure that the driver source is reliable. This is an effective security measure to prevent downloading of tampered malicious drivers. At the same time, regularly update the antivirus software virus database to maintain defense capabilities.
Printers that process confidential files are prohibited from accessing the Internet, cancel non-essential options such as remote control and sharing printers, and turn off non-essential peripheral interfaces such as USB and Bluetooth. Restricting network access and peripheral interfaces can effectively reduce the risk of printers being attacked and form a physical security barrier.
In addition, it is safer to use printing equipment with detachable memory chips and use official tools to perform in-depth data erasing when dealing with phased out devices. At the same time, you should also pay attention to regularly checking the printer firmware, timely update patches, and patching potential security vulnerabilities.
A special person is also set up to remove the memory chip, perform physical demagnetization, and finally, the equipment that has processed confidential documents is entrusted to an organization with confidential qualifications to destroy it to ensure that there is no accident. Choosing a qualified institution for destruction can ensure that the destruction process meets security standards and avoid the risk of data breaches.
