
Eavesdropping a fax machine - moxie
http://www.lightbluetouchpaper.org/2013/07/01/eavesdropping-a-fax-machine-2/
======
negativity
Here's an article from back in 2009 that rings a bell:

[http://news.bbc.co.uk/2/hi/technology/8147534.stm](http://news.bbc.co.uk/2/hi/technology/8147534.stm)

Basically, the shared ground of the local electrical infrastructure of any
given building may act as an antenna, and allow attackers to detect EM
keystroke signals that can be detected on the power plug.

    
    
      They demonstrated it working over 
      distances of 1, 5, 10 and 15m from a 
      target, far enough to suggest it could 
      work in a hotel or office.
    

I think this is the doc from presentation:

[http://www.blackhat.com/presentations/bh-
usa-09/BARISANI/BHU...](http://www.blackhat.com/presentations/bh-
usa-09/BARISANI/BHUSA09-Barisani-Keystrokes-SLIDES.pdf)

Sounds like the technique is similar for fax machines.

------
LinaLauneBaer
A few months ago (I think it was here on HN) I found a MIT paper that explains
how to reconstruct what a old dot matrix printer is printing only by recording
and analyzing the sound it makes. The idea is kinda fascinating - at least to
me.

~~~
chronomex
[http://www.usenix.org/event/sec10/tech/full_papers/Backes.pd...](http://www.usenix.org/event/sec10/tech/full_papers/Backes.pdf)

------
larrys
A few years back I bought a used HP volume laser printer on ebay. When I went
to configure it it had some existing ip addresses entered and when I checked
they trace back to the CIA or the NSA (honesty can't remember which but it was
one or the other).

Reading this post got me thinking

a) you would think they would have flushed that from the machine before giving
to a third party (where I purchased from).

b) I would imagine that some agency (not necessarily of our government) could
sell used equipment with the express intent of modifying in some way to
collect info. Possibly even target (ala the dropped usb in a parking lot)
specific companies or individuals.

~~~
sneak
Try not to think about the companies that are these days printing out QR codes
for bitcoin secret keys to store in bank vaults that will eventually hold
double-digit millions in the next few years.

So many orgs still have terrible opsec (and believe otherwise), and there's
basically no excuse this far into the game. :(

------
hobs
Reminds me of Van Eck Phreaking.
[http://en.wikipedia.org/wiki/Van_Eck_phreaking](http://en.wikipedia.org/wiki/Van_Eck_phreaking)

When I first read about it as a kid, I was in awe.

------
sneak
See also: optical TEMPEST eavesdropping on a CRT using a high-speed
photosensor and a telescope:

[http://www.rootsecure.net/content/downloads/pdf/optical_temp...](http://www.rootsecure.net/content/downloads/pdf/optical_tempest_crt.pdf)

I wonder how long it's going to take until we have some details from the
reverse engineering of the bugs they find in those fax machines...

