Many types of Web-connected photocopiers, scanners, and VoIP servers have no default passwords or other security enabled to stop remote eavesdropping.
Numerous models of printers, photocopiers, and voice over IP (VoIP) systems are Internet-connected. But their embedded Web servers often use well-known default passwords or firmware that has known vulnerabilities, either of which could be used by remote eavesdroppers to intercept internal communications...
Web-accessible photocopiers and the like are essentially repositories of any recent documents or communications of interest, and thus could serve as a competitive intelligence treasure trove.
Some devices even offer would-be attackers time-saving shortcuts. Certain models of Sharp photocopiers, for example, can be set to upload all scanned or copied documents to an external site via FTP, or email them to an outside email address. Meanwhile, some HP all-in-one printers have a feature called Webscan, which allows anyone with a browser to scan and download whatever is on the scanner bed. (more)