Researchers have developed a method (pdf) by which they are able to record the sound of a dot matrix printer in operation and recreate the information that was printed based on the audio data. Data leakage from electronic devices isn’t new (TEMPEST comes to mind). However, it seems like the higher-profile methods tend to encompass electromagnetic properties rather than mechanical properties.

Personally, I haven’t seen many big, old-school dot-matrix printers still in operation. But the article suggests that physicians and banks are hoarding them (at least in Germany). This makes them an interesting target for a resourceful attacker.

The researchers were very thorough, trying different microphones and setups to determine the effective range of the attack; the results were impressive. Optimally they can get 72% of printed English text and even better results when they take contextual knowledge into account.

The researchers focused on a real-world scenario of capturing data from a physician’s office. However, I think this research can also be applied to dot-matrix receipt printers that some stores and businesses use. Receipts can contain all kinds of goodies– especially when they include special codes. It’s probably not something to worry about as a real threat to a consumer or business (the process is targeted, awkward, and error prone). Even still, I wouldn’t mind seeing how practical an acoustic attack on those mini dot-matrix printers would be.

Whitepaper here.

This entry was posted on Friday, August 20th, 2010 at 11:49 pm by Nick Staples and is filed under data protection, data theft. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.