Eavesdropping on Fax Machines and Inkjets (and happy birthday, Tesla)

The Snowden/Guardian image of the bugged EU fax machine led to some fascinating commentary… Markus Kuhn (of Ross Anderson’s group at Cambridge) points out that the displayed image is characteristic of a “compromising emanations” attack on office equipment.

Kuhn goes on to list a number of likely attack scenarios: modifying the fax to increase emanations, installing an emanation-recording device nearby, illuminating the target device with microwaves and looking for data in the backscatter, etc.

The comments then feature an interesting discussion on the comparative difficulty of eavesdropping on inkjets. While laser printers produce very reliable and easy to intercept signals (fixed scan rates), inkjets introduce complexity due to “smart” algorithms deciding to move the print head only so far… so it’s hard to say for sure which position-on-the-page each energy spike on the page corresponds to.

On the other hand, JMA weighs in to the comments, pointing out that the spikes of energy released are extremely strong and easy to intercept. *Once you know the printer model*, you can therefore reconstruct the image. Markus Kuhn confirms this ought to be possible *in theory*, but a *royal pain* in practice and you really do have to have a “reference model” of the printer to reverse engineer in the lab.

Why are inkjet signals so strong? An earlier commenter gives a clue. Firing a nozzle starts with a power transistor suddenly turning ON, partially discharging a large capacitor.

This is an extremely high current, presumably fast *fall time* signal. In other words, very high bandwidth (maybe even UWB) and therefore fiendishly difficult to shield.

Happy Birthday Tesla! It’s the guy’s 157th birthday. Go build yourself a coil. http://www.edn.com/electronics-blogs/nikola-tesla/4389991/Nikola-Tesla-is-born–July-10–1856


“I was intrigued this morning to see on the front page of the Guardian newspaper a new revelation by NSA whistleblower Edward Snowden: a US eavesdropping technique “DROPMIRE implanted on the Cryptofax at the EU embassy [Washington] D.C.”. I was even more intrigued by an image that accompanied the report[…]

Having done many experiments to eavesdrop on office equipment myself, the noisy image at the bottom third of the picture above looked instantly familiar: it is what you might get from listening with a radio receiver on the compromising emanations of a video signal of a page of text.”

%d bloggers like this: