Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

01:39 PM
Connect Directly
RSS
E-Mail
50%
50%

Dot-Matrix Printers and the Sound of Security Risk

Sometimes I just run across something that makes me go, "Hmm." In this case, it was the editor's note from a sister brand's e-mail newsletter, Dr. Dobbs Update, which is produced by the makers of technology resource Dr. Dobbs.

Sometimes I just run across something that makes me go, "Hmm." In this case, it was the editor's note from a sister brand's e-mail newsletter, Dr. Dobbs Update, which is produced by the makers of technology resource Dr. Dobbs.In it, editorial director Jonathan Erickson discusses the state of dot-matrix printers in today's technology world. According to a study he cited, the loud, "old fashioned" printers are still alive and kicking-especially in banking, with 30 percent of banks surveyed admitting to using the devices.

However, caution researchers from Saarland University, financial institutions and others who use these printers should be aware of a security risk unique to these kinds of output devices. In the paper "How Printers Can Breach Our Privacy: Acoustic Side-Channel Attacks On Printers," the team concluded that clever criminals can discern very sensitive information that is in the midst of being printed (account numbers, medical information, and the like.) by paying attention to the sounds coming from the printer.

According to Erickson: What the researchers discovered is that by capturing (recording) the ratta-tat-tat of dot-matrix printers, then applying feature extraction from speech-recognition (Hidden Markov Models) and music processing, you can extract valuable, private data from dot-matrix printers.

The researchers say that although dot-matrix printers are outdated for private use, they "continue to play a surprisingly prominent role in businesses where confidential information is processed, in particular in banks (for printing account statements, transcripts of transactions, etc.) and doctor's practices (for printing the patients' health records and medical prescriptions)."

Why the continued love affair with such out-dated printers? The Saarland team claims there are several reasons the printers are still present in businesses, including robustness, cheap deployment, incompatibility of modern printers with old hardware, and, overall, the lack of a compelling business case for modernizing such hardware. On the medical front, they also note that several European countries, such as Germany, Switzerland and Austria, have laws on the books mandating the use dot-matrix (carbon-copy) printers for printing prescriptions of narcotic substances.

The study is a pretty interesting read from what I saw. But it just amazes me that this kind of acoustic exploit exists out there. However, after additional follow up my colleague at Dr. Dobbs, it turns out the acoustic exploit is well-known. Erickson says there actually is a special "Tempest" certification for equipment that reduces, eliminates or obfuscates the inadvertent "signals" produced by printers. These are in use by government and military facilities, for instance.

By the way, of the 30 percent of banks that said they use dot-matrix printers, only 8.3 percent said they planned to replace them with more modern equipment. But, I suppose the industry can take heart in the fact that doctors' offices are even more guilty of using the noisy devices-58.4 percent of those surveyed, to be precise. Furthermore, fewer of them (4.7 percent) plan on upgrading any time soon.

Register for Bank Systems & Technology Newsletters
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.