The Xerox Copy Scandal

There’s a famous Cold War story about thousands — or tens of thousands — of Xerox machines in potentially sensitive locations around the world having elegantly crafted cameras inserted into them by “repair technicians.” The idea being, the cameras would record onto strip-film every document the machines copied. Since the machines were intricate and massively complex devices, the insertion of a camera was not easy to spot.

Now Xerox machines are again the focus of attention in security circles… it seems there’s a bug in their firmware capable of subtly changing documents. As in, changing “6” to “8” on blueprints and the like.

This probably isn’t a malicious thing, unlike the cameras. (Unless a competitor snuck an evil engineer into Xerox R&D.) It is nevertheless quite serious, as the numbers on e.g. blueprints, prescriptions, and contracts ought to stay the same from one copy to the next… and it illustrates nicely that point I’m fond of making:

“Don’t trust things you don’t understand.”

” In this article I present in which way scanners / copiers of the Xerox WorkCentre Line randomly alter written numbers in pages that are scanned. This is not an OCR problem (as we switched off OCR on purpose), it is a lot worse – patches of the pixel data are randomly replaced in a very subtle and dangerous way: The scanned images look correct at first glance, even though numbers may actually be incorrect. Without a fuss, this may cause scenarios like:

Incorrect invoices
Construction plans with incorrect numbers (as will be shown later in the article) even though they look right
Other incorrect construction plans, for example for bridges (danger of life may be the result!) Incorrect metering of medicine, even worse, I think.

To make things even more worse: The copiers in question are the common Xerox WorkCentres, and Xerox seemed to be unaware of the issue until we found out about it last Wednesday. Whats more, not only one different WorkCentre model seems to be affected, as we tested at least two with this issue (Xerox WorkCentre 7535 and 7556). Additionally, the current software release, as installed by xerox support, did not solve the issue, thus, the issue existed on the very old release we had installed, as well as on a very new one. The error has been confirmed by a xerox rental firm in the meantime, and Xerox is investigating as well, so it does not seem to be some dumb handling error or something similar (if I was thinking this, I of course would not publish it here). “

%d bloggers like this: