Attackers are exploiting the browser-based management and configuration tools found in common office appliances to compromise systems and steal data, according to researchers at Zscaler.
The security firm will deliver a presentation at next week's Black Hat conference that shows the ease with which an attacker can exploit web-enabled devices such as scanners, photocopiers and telephony equipment to steal information.
Michael Sutton, vice president of security research at Zscaler, told V3 that in many cases, an attacker can simply scan addresses until a connected device is found and a target selected.
Such devices have little to no security protection, resulting in what Sutton describes as "corporate espionage for dummies".
"There is not really any hacking involved. You just find this device and it is there sitting ready for abuse. This is functionality that was designed so you could use it," he said.
Zscaler found that security components are often unpatched or on their default settings, allowing an attacker to look up passwords and access codes from online support material.
Sutton explained that if an attacker compromised a photocopier, for example, all scanned documents and stored data on the device could be harvested.
"I am literally able to connect to photocopiers for private companies and clearly see documents," he said.
"If you had a confidential document you wouldn't leave it on an employee's desk, but you are practically doing the same thing."