A few months ago (I think it was here on HN) I found a MIT paper that explains how to reconstruct what a old dot matrix printer is printing only by recording and analyzing the sound it makes. The idea is kinda fascinating - at least to me.
Basically, the shared ground of the local electrical infrastructure of any given building may act as an antenna, and allow attackers to detect EM keystroke signals that can be detected on the power plug.
They demonstrated it working over
distances of 1, 5, 10 and 15m from a
target, far enough to suggest it could
work in a hotel or office.
A few years back I bought a used HP volume laser printer on ebay. When I went to configure it it had some existing ip addresses entered and when I checked they trace back to the CIA or the NSA (honesty can't remember which but it was one or the other).
Reading this post got me thinking
a) you would think they would have flushed that from the machine before giving to a third party (where I purchased from).
b) I would imagine that some agency (not necessarily of our government) could sell used equipment with the express intent of modifying in some way to collect info. Possibly even target (ala the dropped usb in a parking lot) specific companies or individuals.
Try not to think about the companies that are these days printing out QR codes for bitcoin secret keys to store in bank vaults that will eventually hold double-digit millions in the next few years.
So many orgs still have terrible opsec (and believe otherwise), and there's basically no excuse this far into the game. :(
7 comments
[ 4.8 ms ] story [ 22.2 ms ] threadhttp://news.bbc.co.uk/2/hi/technology/8147534.stm
Basically, the shared ground of the local electrical infrastructure of any given building may act as an antenna, and allow attackers to detect EM keystroke signals that can be detected on the power plug.
I think this is the doc from presentation:http://www.blackhat.com/presentations/bh-usa-09/BARISANI/BHU...
Sounds like the technique is similar for fax machines.
When I first read about it as a kid, I was in awe.
Reading this post got me thinking
a) you would think they would have flushed that from the machine before giving to a third party (where I purchased from).
b) I would imagine that some agency (not necessarily of our government) could sell used equipment with the express intent of modifying in some way to collect info. Possibly even target (ala the dropped usb in a parking lot) specific companies or individuals.
So many orgs still have terrible opsec (and believe otherwise), and there's basically no excuse this far into the game. :(
http://www.rootsecure.net/content/downloads/pdf/optical_temp...
I wonder how long it's going to take until we have some details from the reverse engineering of the bugs they find in those fax machines...