Analysis of Printer Watermarking Techniques

Interesting paper: Maya Embar, Louis M. McHough IV, and William R. Wesselman, “Printer watermark obfuscation,” RIIT ’14: Proceedings of the 3rd annual conference on Research in information technology.

Abstract: Most color laser printers manufactured and sold today add “invisible” information to make it easier to determine when a particular document was printed and exactly which printer was used. Some manufacturers have acknowledged the existence of the tracking information in their documentation while others have not. None of them have explained exactly how it works or the scope of the information that is conveyed. There are no laws or regulations that require printer companies to track printer users this way, and none that prevent them from ceasing this practice or providing customers a means to opt out of being tracked. The tracking information is coded by patterns of yellow dots that the printers add to every page they print. The details of the patterns vary by manufacturer and printer model.

Jumping Air Gaps with All-in-One Printers

Last week, Adi Shamir gave a presentation at Black Hat Europe on using all-in-one printers to control computers on the other side of air gaps. There’s no paper yet, but two publications reported on the talk:

Theoretically, if a malicious program is installed on an air-gapped computer by an unsuspecting user via, say, a USB thumb drive, attackers should have a hard time controlling the malicious program or stealing data through it because there is no Internet connection.

But the researchers found that if a multifunction printer is attached to such a computer, attackers could issue commands to a malicious program running on it by flashing visible or infrared light at the scanner lid when open.


The researchers observed that if a source of light is pointed repeatedly at the white coating on the inside of the scanner’s lid during a scanning operation, the resulting image will have a series of white lines on darker background. Those lines correspond to the pulses of light hitting the lid and their thickness depends on the duration of the pulses, Shamir explained.

Using this observation the researchers developed Morse code that can be used to send pulses of light at different intervals and interpret the resulting lines as binary data: 1s and 0s. Malware running on an air-gapped system could be programmed to initiate a scanning operation at a certain time — for example, during the night — and then interpret the commands sent by attackers using the technique from far away.

Shamir estimated that several hundred bits of data can be sent during a single scan. That’s enough to send small commands that can activate various functionality built into the malware.

This technique can be used to send commands into an air-gapped computer network, and to exfiltrate data from that network.
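The stripe pattern described in the quoted report (full-width white lines of varying thickness on an otherwise dark open-lid scan) is something a defender can screen scanner output for. The following is an added example, not code from the talk or the quoted articles; the function names, thresholds and sample images are assumptions constructed for illustration, and a scan is modelled as a grid of 0-255 grayscale values.

```python
# Added example: flag scans showing bright full-width stripes on a dark background.
# All thresholds and sample images below are constructed assumptions.

def lit_rows(image, pixel_threshold=128, row_fraction=0.9):
    """True for each scan row that is bright across (almost) its full width."""
    return [sum(p > pixel_threshold for p in row) >= row_fraction * len(row)
            for row in image]

def bright_bands(image):
    """Run-length encode consecutive lit rows into (start_row, thickness) bands."""
    bands, start = [], None
    for i, lit in enumerate(lit_rows(image) + [False]):  # sentinel closes a trailing run
        if lit and start is None:
            start = i
        elif not lit and start is not None:
            bands.append((start, i - start))
            start = None
    return bands

def suspicious_scan(image, min_bands=4, max_lit_fraction=0.5):
    """Several bright bands on a mostly dark scan: lid open with a pulsed light source.
    A normal closed-lid page is mostly bright, so it fails the lit-fraction check."""
    bands = bright_bands(image)
    lit = sum(thickness for _, thickness in bands)
    return len(bands) >= min_bands and lit <= max_lit_fraction * len(image)

def make_scan(height, width, background, bands, band_value):
    """Build a constructed test image: uniform background plus horizontal bands."""
    image = [[background] * width for _ in range(height)]
    for start, thickness in bands:
        for r in range(start, start + thickness):
            image[r] = [band_value] * width
    return image

# Constructed samples (not real scanner output).
STRIPED = make_scan(40, 16, 20, [(2, 1), (6, 3), (12, 1), (16, 3), (22, 1)], 235)
DARK = make_scan(40, 16, 20, [], 235)                     # open lid, no light source
PAGE = make_scan(40, 16, 240, [(5, 2), (10, 2), (15, 2), (20, 2)], 30)  # white paper, dark text rows

if __name__ == "__main__":
    for name, img in (("striped", STRIPED), ("dark", DARK), ("page", PAGE)):
        print(name, suspicious_scan(img), bright_bands(img))
```

In practice such a check would sit alongside alerting on scan jobs started with no user present, such as the night-time scans the report mentions.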

