Hacker News
Spies in the Xerox Machine (1997) (electricalstrategies.com)
68 points by myrandomcomment on July 19, 2020 | 36 comments



I started the network forensics security contest at DEFCON (separate from the wall of sheep contest that I believe is still running) and one of my favorite challenges was recovering printer traffic. The contest was a race to see who could finish X number of challenges first with each round getting harder. The last puzzle was a TCP dump of MiTM’d printer traffic. I intended for them to carve out the document data and feed it into Gutenprint, but in the name of speed they sped over to Fry’s, shoved a piece of promo paper into a printer and powered it on, then replayed the TCP traffic to the printer. Probably one of my favorite solutions. About an hour later they also did it via Gutenprint just to show they could.


https://www.instructables.com/id/Yellow-Dots-of-Mystery-Is-Y...

"Most color laser printers and color copiers are designed to print invisible tracking codes across every single printed page of their output. These codes reveal which machine produced a document and, in some cases, when the document was printed or copied."

FYI

Edit:

List of Printers Which Do or Do Not Display Tracking Dots https://www.eff.org/pages/list-printers-which-do-or-do-not-d...

I'm going to have a close look at my monochrome laser printer output, just in case.


This is exactly how they were able to figure out the NSA’s Reality Winner leaked sensitive data.

https://arstechnica.com/information-technology/2017/06/how-a...


Always wondered if this was defeated by ensuring the entire page uses maximum yellow color edge-to-edge with 0 margin.

The background would have to be full saturation yellow, and your text would have to be full saturation green or orange to ensure yellow is printed where text or monochrome images are printed (unless it's impossible to detect yellow dots mixed with black ink).


Not good enough. It might print a pattern of white pixels too. You need a yellow random-halftoned background. I would not be surprised to learn that this also is defeated by some kind of FFT scheme used just for such images. There is plenty of room for code of practically unlimited sophistication.

Got to figure anything you print is compromised, which might be an intended point.


Monochrome laser output will also be fingerprinted by the uneven toner pattern from wear on the drum and the toner transfer roller.


I've heard this (well, about the drum, but the transfer roller?) but it's incidental and can be changed by changing the drum, and is not an intentional tracking device that encodes date of printing, device ID etc. such that some DB can be used to track it.


Transfer roller, of course. Note how print quality degrades as you get towards the bottom of a toner cartridge on a cheap printer, the consistent pattern of print artifacts.

>changed by changing the drum

Sure, it depends on the threat model. If you're producing many documents some time apart, replacing drums and cartridges could be a purchase signal in and of itself. If you're doing something very risky, like publishing nuclear weapon plans, ISIS recruitment flyers, or Clinton foundation invoices, then leaking just a few bits of identifying information could be life-ending. Cf https://www.gwern.net/Death-Note-Anonymity


> This drawing is from patent 3,855,983, issued to Zopppoth[sic] in 1967 for a miniature surveillance camera.

Trying to look up that patent number[1] finds something completely unrelated: A magnetic sensor device in the ignition system for an internal combustion engine, awarded to Robert J. Valek at Motorola, Inc. Even a search of the inventor's last name[2] finds nothing by the last name of Zoppoth or Zopppoth (with 3 p's as shown in the caption).

I'm guessing that either there was a typo in the article, or that the Xerox patent was never issued and the number was reused by someone else (can that happen?), or that secret U.S. patents have a different numbering system that duplicates real U.S. patent numbers.

[1] http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=H...

[2] http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=H...


The article calls it a “secret patent,” so I wouldn’t be surprised if they got the number wrong—assuming there even is a number.


I worked at Xerox for over 20 years and never heard this story. Not surprising, though, there were lots of little groups working on things they never spoke of.


I also worked at Xerox. They were good at keeping their employees in the dark. Xerox believed in keeping as much information secret as possible, even from customers who needed (and were entitled to) technical information about the equipment they leased at exorbitant cost, like the 9700 laser printer (120 pages/min, two-sided in 1979).

They did such a great job of focusing on copiers, that they blew their lead in the major technologies of the century: GUI, mouse, laser printing, LAN.

Every new hire gets a copy of "The billions nobody wanted", the story of Chester Carlson, his invention of xerography, and how many companies turned him down. It's ironic that they repeated the same mistakes.


If printer security interests you or you want to do some testing on your own devices, check out PRET[0].

[0] Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. https://github.com/RUB-NDS/PRET http://hacking-printers.net/wiki/index.php/Printer_Security_...


I wonder if some good samaritan could use this to make a canned solution to automagically turn off every HP "DIRECT" wifi that's unused 99.99% of the time and pollutes the wifi spectrum in any residential setting.


Any person or company using US hardware/software should understand that it may have been tainted at the request of the US state, and that for the manufacturer/provider of the hardware/software to disclose said tainting is also illegal.


I’d be very interested to see a list of countries that didn’t have equivalent powers. What vendors and supply chains do you imagine are immune from this problem?


Printers are still a cybersecurity issue, it's incredible how often we still see printers on the same LAN as workstations given the horrible state of their security, and that random people are expected to come to "fix" them regularly...


Context: It’s published there as of 1997 but it’s about CIA spying technology used in 1963, 57 years ago!


I recently watched Enemy of the State which came out in 1999 and the level of technology and spying was really surprising to me. I wonder how many people at the time thought the government’s ability was overstated for the movie.

Also kind of crazy they were using “terrorism” as a guise for invading our privacy even before 9/11.


The Hollywood films almost by rule distort the real details, but some scripts do manage to pass the general idea.

Never trust the Hollywood details but if you are interested in any topic, search the books (or the news articles) that did the research based on the primary sources.

If you're interested in the history of older "spying" technology (as in NSA) see the books of James Bamford. Or, more recently, search for coverage of what is known due to Snowden.

Some details emerge much later, e.g. about the quality of the pictures achievable from the satellites in the sixties (i.e. more than 50 years ago):

https://www.wired.com/2014/04/lost-lunar-photos-recovered-by...

For CIA topics there are also some very well-researched books. I'd say, the truth is much more fascinating than the movies.


Enemy of the State was overstated at the time. It resembles 21st century spying programs so closely because the US government used the movie as a blueprint to develop those programs: https://www.nature.com/articles/d41586-019-01792-5


Also a good film, Sneakers from the early 90s.

https://www.imdb.com/title/tt0105435/


9/11 was not the first terrorist attack against the United States. It wasn’t even the first terrorist attack on the WTC.


Now xerox machines store everything they copy to disk and listen on multiple open network ports. I bet some phone home for updates by default.

I wonder if they’re all bugged these days.


Here are another 2 stories on it. Not much there.

https://newshimalaya.com/2020/07/19/spies-within-the-xerox-m...

https://www.mentalfloss.com/article/12592/7-ingenious-hidden...

I also remember reading about this in a book on the history of the CIA but I cannot seem to find its title right now.

If you are interested in some stories on spy satellites this is a great book:

https://www.goodreads.com/book/show/887319.Deep_Black

And if you want to read about the British:

https://en.wikipedia.org/wiki/The_Defence_of_the_Realm

I had family in this "line of business" in the 1960s in the USA. I asked if this was a true story, the answer was just a smile.


Somewhat related, most modern paper currency has a pattern of rings on it that color photocopiers will read, and refuse to copy: https://en.wikipedia.org/wiki/EURion_constellation



There have been other HN threads about this story, perhaps with different articles as the submission. I can't find them though. Anybody?


I did a whole bunch of HN searches and couldn't find a previous submission. I did find a few people mentioning it in comments to other stories. Perhaps you're thinking of the similar incident in which the Soviets bugged the American embassy’s typewriters[1]?

By the way, the earliest original reporting of the story I found is from Popular Science[2], Jan. 1997, "Spies in the Xerox Machine", page 70. (The Popular Science article has the same bogus patent number I mentioned in another comment.)

[1] https://news.ycombinator.com/item?id=21998774

[2] https://books.google.ca/books?id=KIEIX2X-na8C&pg=PA70


Thanks for looking! You may be right but I have the feeling of two separate memories, one about the more famous typewriter story, and one about this Xerox thing. Oh well.


Reminds me of a guy who hacked into a Xerox machine (could have been Canon etc. really, can’t remember anymore) they used to print exam questions in the computer sciences faculty (~1995). And who then had a short but lucrative run of selling those questions to other students. He obviously got ratted out rather quickly and got expelled from college.


As advice for everyone mentioning smart printers, many aren't aware that modern laser printers have their own version of applets, either with their own Java dialect, or some other form of proprietary language/native SDK.

They are proper computers, with everything that a CPU with network connection might be capable of.


>>Next, they installed a camera in a machine at the main Xerox office in Webster. "When we developed the pictures, we found recipes and copies of music and cartoons and jokes and all kinds of things," Zoppoth says.

So ... they illegally spied on US citizens in order to test their spycraft. Translate this into today's tech. It would be like a CIA spook installing some code on a US website as a trial run before installing it on FSB.com. Did they have a camera in the photocopier during the office Christmas party? This is why any government actor in position to spy on anyone needs regulation and oversight.

>> Judging by the number of parts ordered from Xerox, Zoppoth believes that spy cameras may have been installed in photocopiers all over the world, to keep an eye on U.S. allies as well as enemies.

And today we know how that goes.


> So ... they illegally spied on US citizens in order to test their spycraft.

Xerox employees installed the rig on a copier at the Xerox workplace to test the camera they invented, and Xerox employees looked at the photos of the documents. This was before they turned the camera over to the "CIA spooks", who did not (according to the story) look at the documents in the US headquarters of Xerox.

I agree 100% with your points about the need for regulation and oversight, but this is not the incident that carries those points.


When will this happen to keyboards?




