Network Security of Scan2Net Scanners
All Scan2Net scanners—including WideTEK, BookTEK, and OEM models—share one core feature: their internal firmware is built on a Linux-based system.
As of June 2022, the scanners run Debian 10.12, a stable Linux distribution that continues to receive security updates. Users can conveniently apply patches via the Debian website whenever their scanner is connected to the internet. Once support for the current stable distribution ends, we will upgrade to a newer version—but only after thorough testing.
Because our scanners operate at high speeds, both the Linux system and all other software components undergo rigorous testing to ensure real-time performance and reliability. This means we don’t automatically adopt the latest software releases; instead, we rely exclusively on fully tested and certified Linux versions.
Scan2Net scanners function more like web servers than traditional PCs.
They do not allow external Linux logins, which minimizes the risk of users injecting malicious code into the system to nearly zero.
Difference between a Scanner and a PC
In a typical PC environment, there is usually at least one user with admin rights and others with limited permissions. These users regularly access the internet and can inadvertently download malicious code through emails, browser extensions, infected websites, USB devices, and other vectors. Their actions, whether intentional or accidental, pose a significant security risk.
Running Linux on a PC reduces this risk somewhat, since most attacks target Windows systems. Still, any PC environment—whether Windows or Linux—differs fundamentally from the Scan2Net scanner’s firmware architecture.
Scan2Net scanners essentially behave like web servers—similar to the hundreds of millions found on the internet. They are accessed over the network via standard TCP/IP protocols and provide an HTML-based graphical user interface (GUI) for all scanner functions. Under normal circumstances, direct Linux login to the scanner is not possible. Software like ScanWizard operates with the lowest user permissions on the Linux system.
While the scanner’s web server allows user logins with roles such as User, Poweruser, and Admin, these logins are confined strictly within the application layer. They do not grant any access to the underlying Linux operating system. Think of it like logging into an online store with personal credentials—you gain access to your account, but not to the store’s backend system.
This design significantly minimizes the risk of opening backdoors or vulnerabilities compared to standard workstations. Nearly all exploits require user interaction with operating system-level permissions, which simply doesn’t occur in the scanner’s firmware. Additionally, Scan2Net scanners are typically only visible within an intranet, meaning potential attacks usually originate from inside the connected network.
